
Tuesday, February 27, 2018

[FD] ActivePDF Toolkit < 8.1.0 multiple RCE

ActivePDF Toolkit < 8.1.0 multiple RCE

Introduction
============

The ActivePDF Toolkit is a Windows library which enhances business processes to stamp, stitch, merge, form-fill, add digital signatures, barcodes to PDF. Both .NET and native APIs are provided.

Amongst many other operations, this library can be used by applications to transform images to PDF files. Multiple vulnerabilities were identified in the Pictview image processing library embedded by the Toolkit and signed by ActivePDF. They could allow remote attackers to compromise applications relying on the Toolkit to process untrusted images.

Note that, while the example instances hereafter use “exotic” file types, the parser determines the image type from magic bytes, ignoring file extensions in most cases.

CVE
===

CVE-2018-7264

Affected versions
=================

ActivePDF Toolkit before 8.1.0 (build 8.1.0.19023)

Author
======

François Goichon - Google Security Team

CVE-2018-7264
=============

ActivePDF Toolkit < 8.1.0.19023 multiple RCE

Summary
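
Because the advisory notes that the parser picks the image type from magic bytes rather than the file extension, an extension filter in front of the converter does not limit which parsers untrusted input reaches. The following is an added example, not code from the advisory or from ActivePDF: a content-based allow-list gate, where the allowed formats (PNG and JPEG) and the function names `sniff` and `gate` are assumptions.

```python
"""Added example: content-based allow-list gate in front of an image-to-PDF step."""
from pathlib import Path

# Assumption: the application only needs PNG and JPEG input. Signatures are the
# well-known leading bytes of each format, paired with acceptable extensions.
ALLOWED = {
    "png": (b"\x89PNG\r\n\x1a\n", {".png"}),
    "jpeg": (b"\xff\xd8\xff", {".jpg", ".jpeg"}),
}


def sniff(data: bytes):
    """Return the allow-listed format whose signature starts the data, else None."""
    for name, (magic, _exts) in ALLOWED.items():
        if data.startswith(magic):
            return name
    return None


def gate(filename: str, data: bytes):
    """Decide whether an upload may be handed to the converter.

    Returns (accepted, detail). The extension alone is never trusted, because a
    parser that dispatches on magic bytes treats a renamed file as whatever its
    content says it is.
    """
    fmt = sniff(data)
    if fmt is None:
        return False, "content is not an allow-listed image type"
    ext = Path(filename).suffix.lower()
    if ext not in ALLOWED[fmt][1]:
        return False, f"extension {ext!r} does not match {fmt} content"
    return True, fmt


if __name__ == "__main__":
    # Constructed sample inputs (leading bytes only, not complete images).
    samples = [
        ("logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
        ("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 8),
        ("scan.png", b"\x00\x00\x01\x00" + b"\x00" * 8),   # other content behind a .png name
        ("photo.png", b"\xff\xd8\xff\xe0" + b"\x00" * 8),  # JPEG bytes, wrong extension
    ]
    for name, blob in samples:
        print(name, gate(name, blob))
```

A gate like this narrows which image parsers untrusted input can reach; it complements, and does not replace, running a Toolkit build outside the affected range.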
