Lucene search

[email protected]CVE-2022-24960

HistoryMar 10, 2022 - 5:46 p.m.

CVE-2022-24960

2022-03-1017:46:58

CWE-416

[email protected]

web.nvd.nist.gov

pdftron

sdk

vulnerability

use after free

cve-2022-24960

heap overflow

nvd

security advisory

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.9%

JSON

A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on Windows.

Affected configurations

NVD

Node

pdftronpdftronMatch9.2.0

AND

linuxlinux_kernelMatch-

applemacosMatch-

microsoftwindowsMatch-

CPENameOperatorVersion
pdftron:pdftronpdftroneq9.2.0

CPE	Name	Operator	Version
pdftron:pdftron	pdftron	eq	9.2.0

References

github.com/suletm/security_research/blob/main/CVE/CVE-2022-24960.json

www.pdftron.com/nightly/#stable/2022-02-08/9.2/

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.9%

JSON

Related for CVE-2022-24960

prion1 nvd1 cvelist1