CyberSec.Space Logo
Back to CVE Browser

CVE-2019-5019

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0730%
EPSS Percentile1.84th
PublishedMar 7, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

A heap-based overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro R1 (7,0,2018,1113). While parsing Document Summary Property Set stream, the getSummaryInformation function is incorrectly checking the correlation between size and the number of properties in PropertySet packets, causing an out-of-bounds write that leads to heap corruption and consequent code execution.

Affected Platforms (CPE)

📦
Rainbowpdf

Office Server Document Converter

= 7.0

References & Advisories

🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0780
🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0780

Related Vulnerabilities

CVE-2010-02639.3

Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and ...

CVE-2018-39328.8

An exploitable stack-based buffer overflow exists in the Microsoft Word document conversion functionality of the Antenna House Off...

CVE-2019-50308.8

A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Conver...

CVE-2018-39338.8

An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Serv...