CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-5019

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0730%
EPSS Percentile1.84th
Published2019年3月7日
Last Modified2024年11月21日

Vulnerability Description

A heap-based overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro R1 (7,0,2018,1113). While parsing Document Summary Property Set stream, the getSummaryInformation function is incorrectly checking the correlation between size and the number of properties in PropertySet packets, causing an out-of-bounds write that leads to heap corruption and consequent code execution.

Affected Platforms (CPE)

📦
Rainbowpdf

Office Server Document Converter

= 7.0

References & Advisories

🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0780
🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0780

相關漏洞威脅

CVE-2010-02639.3

Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and ...

CVE-2018-39328.8

An exploitable stack-based buffer overflow exists in the Microsoft Word document conversion functionality of the Antenna House Off...

CVE-2019-50308.8

A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Conver...

CVE-2018-39338.8

An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Serv...