Main Vulnerability Database Exploits ID:2720 - Exploit for Out-of-bounds read in Quick PDF Library - CVE-2018-20249

ID:2720 - Exploit for Out-of-bounds read in Quick PDF Library - CVE-2018-20249

Published: May 18, 2020

Vulnerability identifier: #VU16698

Vulnerability risk: Low

CVE-ID: CVE-2018-20249

CWE-ID: CWE-125

Exploitation vector: Local access

Vulnerable software:
Quick PDF Library

Link to public exploit:

https://cpr-zero.checkpoint.com/vulns/cprid-2045/

Vulnerability description

The vulnerability allows a local attacker to bypass security restrictions the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A local attacker can load a malformed or malicious PDF containing invalid xref entries using the DAOpenFile or DAOpenFileReadOnly functions, trigger memory corruption and bypass security restrictions to conduct for further attacks.

Remediation

Update to version 16.12.

ID:2720 - Exploit for Out-of-bounds read in Quick PDF Library - CVE-2018-20249

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human