SB2019101106 - Multiple vulnerabilities in NitroPDF
Published: October 11, 2019
Description
This security bulletin contains information about 6 security vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2019-5050)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the "Page" and "Kids" objects due to a boundary error when processing PDF files. A remote attacker can send a specially crafted PDF file that, when opened by a victim, triggers a heap-based buffer overflow and executes arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
2) Heap-based buffer overflow (CVE-ID: CVE-2019-5045)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the PDF parsing functionality due to a boundary error when processing jpeg2000 files with an unusually large "ssizDepth" value in the "siz" block of the code stream embedded in a PDF file. A remote attacker can send a specially crafted jpeg2000 file that, when opened by a victim, triggers a heap-based buffer overflow and executes arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Heap-based buffer overflow (CVE-ID: CVE-2019-5046)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing jpeg2000 files with unusually large "xSiz" and "yTsiz" values. A remote attacker can send a specially crafted jpeg2000 file that, when opened by a victim, triggers a heap-based buffer overflow and executes arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
4) Heap-based buffer overflow (CVE-ID: CVE-2019-5048)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the "ICCBased" color space object due to a boundary error when processing PDF files. A remote attacker can send a specially crafted PDF file that, when opened by a victim, triggers a heap-based buffer overflow and executes arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
5) Use-after-free (CVE-ID: CVE-2019-5047)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in the "CharProcs" parsing functionality. A remote attacker can send a specially crafted PDF that causes a type confusion, resulting in a use-after-free condition, and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
6) Use-after-free (CVE-ID: CVE-2019-5053)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in the Length parsing function. A remote attacker can send a specially crafted PDF that causes a type confusion, resulting in a use-after-free condition.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
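Items 2 and 3 above both hinge on oversized fields in the JPEG 2000 SIZ marker segment, so a mail or file gateway can inspect that header before a document reaches a reader. The triage check below is an added example, not code from this bulletin or from the vendor; the function names and the `MAX_DIM` threshold are assumptions, the sample bytes are constructed, and it only sees codestreams stored uncompressed in the file.

```python
import struct

SOC_SIZ = b"\xff\x4f\xff\x51"  # SOC marker immediately followed by the SIZ marker
MAX_DEPTH = 38                 # highest component bit depth JPEG 2000 Part 1 allows
MAX_DIM = 1 << 16              # assumed triage threshold, tune for your documents
FIXED = ">HHIIIIIIIIH"         # Lsiz Rsiz Xsiz Ysiz XOsiz YOsiz XTsiz YTsiz XTOsiz YTOsiz Csiz

def parse_siz(blob, pos):
    """Decode the SIZ segment following the SOC marker at pos; None if truncated."""
    body = pos + len(SOC_SIZ)
    size = struct.calcsize(FIXED)  # 38 bytes of fixed fields
    if len(blob) < body + size:
        return None
    f = struct.unpack_from(FIXED, blob, body)
    comps = blob[body + size: body + size + 3 * f[10]]
    return {"lsiz": f[0], "xsiz": f[2], "ysiz": f[3], "xtsiz": f[6], "ytsiz": f[7],
            "csiz": f[10],
            # Ssiz: bit 7 is the sign flag, low 7 bits hold (bit depth - 1)
            "depths": [(b & 0x7F) + 1 for b in comps[0::3]]}

def check_siz(siz):
    """Return a list of reasons this SIZ header deserves a closer look."""
    issues = []
    if siz["lsiz"] != 38 + 3 * siz["csiz"] or len(siz["depths"]) != siz["csiz"]:
        issues.append("Lsiz/Csiz do not match the component table")
    for i, depth in enumerate(siz["depths"]):
        if depth > MAX_DEPTH:
            issues.append(f"component {i}: bit depth {depth} exceeds {MAX_DEPTH}")
    for name in ("xsiz", "ysiz", "xtsiz", "ytsiz"):
        if not 0 < siz[name] <= MAX_DIM:
            issues.append(f"{name}={siz[name]} outside 1..{MAX_DIM}")
    return issues

def scan(blob):
    """Find every SOC+SIZ pair in a PDF (or JP2) byte string and check it."""
    hits, pos = [], blob.find(SOC_SIZ)
    while pos != -1:
        siz = parse_siz(blob, pos)
        hits.append((pos, ["truncated SIZ segment"] if siz is None else check_siz(siz)))
        pos = blob.find(SOC_SIZ, pos + 1)
    return hits

def sample(ssiz=7, xsiz=640, ytsiz=480):
    """Constructed test input: a one-component SIZ header inside filler bytes."""
    siz = struct.pack(FIXED, 41, 0, xsiz, 480, 0, 0, 640, ytsiz, 0, 0, 1)
    return b"%PDF-1.7 stream\n" + SOC_SIZ + siz + bytes([ssiz, 1, 1]) + b"\nendstream"

if __name__ == "__main__":
    for blob in (sample(), sample(ssiz=0x7F), sample(xsiz=0xFFFFFFFF, ytsiz=0xFFFFFFFF)):
        print(scan(blob))
```

An empty issue list means the header is within the stated limits, not that the file is safe; quarantine or sandbox anything that is flagged.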
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0819
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0814
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0815
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0817
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0816
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0830