EUVD-2019-14671

Malware in sbrugna...

CVE-2019-5042

An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability...

Remote Code Execution

aspose.pdf is vulnerable to remote code execution. A use-after-free vulnerability exists when malicious FunctionType 0 PDF elements are processed, allowing an attacker to exploit the vulnerability and execute arbitrary code...

Remote Code Execution

Aspose.PDF is vulnerable to remote code execution. An uninitialized memory access allow an attacker to corrupt memory and execute arbtirary code via a malicious PDF document...

CVE-2019-5042

An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability...

CVE-2019-5066

An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF document nee...

CVE-2019-5067

An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this...

Design/Logic Flaw

An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF document nee...

Design/Logic Flaw

An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability...

Memory corruption

An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this...

CVE-2019-5042

Summary: CVE-2019-5042 is an exploitable Use-After-Free in Aspose.PDF for C++ (FunctionType 0 PDF elements). A specially crafted PDF can create a dangling heap pointer, enabling memory corruption and potential remote code execution. Talos’ advisory confirms Aspose.PDF for C++ 19.2 is affected, wi...

CVE-2019-5042

An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability...

CVE-2019-5067

Aspose.PDF for C++ 19.2 contains an uninitialized memory access vulnerability in handling invalid Parent pointers, causing a read/write of uninitialized memory, memory corruption and potential arbitrary code execution when processing crafted PDFs. TALOS details confirm this as a use case that can...

CVE-2019-5067

An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this...

CVE-2019-5066

An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF document nee...

CVE-2019-5066

CVE-2019-5066 is an exploitable use-after-free in Aspose.PDF for C++ 19.2, triggered while processing LZWDecode streams in PDFs, leading to potential arbitrary code execution. The issue stems from mismanagement of a freed LZWStream object, as detailed by Talos’ advisory (TALOS-2019-0855) and rela...

Vulnerability Spotlight: Multiple vulnerabilities in Aspose PDF API

Marcin Noga of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered multiple remote code execution vulnerabilities in the Aspose.PDF API. Aspose provides a series of APIs for manipulating or converting a large family of document formats. These vulnerabilities exist in API...

Aspose.PDF for C++ parent generation remote code execution vulnerability

Summary An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger thi...

Aspose.PDF for C++ LZWDecode filter predictor remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2.for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF...

Aspose.PDF for C++ Remote Code Execution Vulnerability

Summary An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free . An attacker can send a malicious PDF to trigger this vulnerability...