Main Vulnerability Database Exploits ID:2719 - Exploit for Out-of-bounds read in Quick PDF Library - CVE-2018-20248

ID:2719 - Exploit for Out-of-bounds read in Quick PDF Library - CVE-2018-20248

Published: May 18, 2020

Vulnerability identifier: #VU16697

Vulnerability risk: Low

CVE-ID: CVE-2018-20248

CWE-ID: CWE-125

Exploitation vector: Local access

Vulnerable software:
Quick PDF Library

Link to public exploit:

https://cpr-zero.checkpoint.com/vulns/cprid-2044/

Vulnerability description

The vulnerability allows a local attacker to bypass security restrictions the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A local attacker can load a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileReadOnly functions, trigger memory corruption and bypass security restrictions to conduct further attacks.

Remediation

Update to version 16.12.

ID:2719 - Exploit for Out-of-bounds read in Quick PDF Library - CVE-2018-20248

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human