Lucene search

TalosCVELIST:CVE-2019-5019

HistoryMar 07, 2019 - 8:00 p.m.

CVE-2019-5019

2019-03-0720:00:00

CWE-122

talos

www.cve.org

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.009 Low

EPSS

Percentile

82.9%

JSON

A heap-based overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro R1 (7,0,2018,1113). While parsing Document Summary Property Set stream, the getSummaryInformation function is incorrectly checking the correlation between size and the number of properties in PropertySet packets, causing an out-of-bounds write that leads to heap corruption and consequent code execution.

CNA Affected

[
  {
    "product": "Antenna House",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Antenna House Rainbow PDF Office Server Document Converter v7.0 Pro R1 for Linux64 (7,0,2018,1113)"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2019-0780

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.009 Low

EPSS

Percentile

82.9%

JSON

Related for CVELIST:CVE-2019-5019