Vulnerability Spotlight: Lexmark Perceptive Document Filters Code Execution Bugs

<h3>Overview</h3><div><div>Talos is disclosing a pair of code execution vulnerabilities in Lexmark Perceptive Document Filters. Perceptive Document Filters are a series of libraries that are used to parse massive amounts of different types of file formats for multiple purposes. Talos has <a href=“http://blog.talosintelligence.com/2017/06/lexmark-perceptive-vuln-deep-dive.html”>previously discussed in detail</a> these filters and how they operate. The software update to resolve these vulnerabilities can be found <a href=“https://delivery.kofax.com/”>here</a>.<br /><br /><a></a><br /></div></div><h3>TALOS-2017-0322</h3><div><div><i>Discovered by Marcin Noga of Cisco Talos</i></div><div><br /></div><div>TALOS-2017-0322 / CVE-2017-2821 is a code execution vulnerability in the PDF parsing functionality of the Lexmark Perceptive Document Filters. This particular vulnerability is an use-after-free issue related to the ‘GfxFont’ variable and can be triggered via a specially crafted PDF document resulting in code execution. Full details of the vulnerability are available <a href=“http://www.talosintelligence.com/reports/TALOS-2017-0322”>here</a>.</div></div><h3>TALOS-2017-0323</h3><div><div><i>Discovered by Marcin Noga & Lillyth Wyatt of Cisco Talos</i></div><div><br /></div><div>TALOS-2017-0323 / CVE-2017-2822 is a code execution vulnerability in the image rendering functionality of Lexmark Perceptive Document Filters. This particular vulnerability can be triggered via a specially crafted PDF document causing a function call to a corrupted DCTStream, eventually resulting in user controlled data being written to the stack. Full details of the vulnerability are available <a href=“http://www.talosintelligence.com/reports/TALOS-2017-0323”>here</a>.</div></div><h3>Coverage</h3><div><div>The following Snort rules will detect exploitation attempts. Note that additional rules may be released at a future date, and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your FireSIGHT Management Center or Snort.org.</div><div><br /></div><div>Snort Rule: 42313-42314, 42399-42400</div></div><div><br /></div><div><br /></div><div><br /></div><div>
<a href=“http://feeds.feedburner.com/~ff/feedburner/Talos?a=9ummBkeh6YQ:Vk56E5sCv34:yIl2AUoC8zA”><img src=“http://feeds.feedburner.com/~ff/feedburner/Talos?d=yIl2AUoC8zA”></img></a>
</div><img src=“http://feeds.feedburner.com/~r/feedburner/Talos/~4/9ummBkeh6YQ” height=“1” width=“1” alt />