Main Vulnerability Database Exploits ID:2718 - Exploit for Stack-based buffer overflow in Quick PDF Library - CVE-2018-20247

ID:2718 - Exploit for Stack-based buffer overflow in Quick PDF Library - CVE-2018-20247

Published: May 18, 2020

Vulnerability identifier: #VU16696

Vulnerability risk: Low

CVE-ID: CVE-2018-20247

CWE-ID: CWE-121

Exploitation vector: Local access

Vulnerable software:
Quick PDF Library

Link to public exploit:

https://cpr-zero.checkpoint.com/vulns/cprid-2043/

Vulnerability description

The vulnerability allows a local attacker to gain elevated privileges the target system.

The weakness exists due to stack based buffer overflow when handling malicious input. A local attacker can load a malformed or malicious PDF containing a recursive page tree structure using the LoadFromFile, LoadFromString or LoadFromStream functions, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 16.12.

ID:2718 - Exploit for Stack-based buffer overflow in Quick PDF Library - CVE-2018-20247

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human