exploitDog

CVE-2018-7264

Опубликовано: 28 фев. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is prone to multiple out of bounds write and sign errors, allowing a remote attacker to execute arbitrary code on vulnerable applications using the ActivePDF Toolkit to process untrusted images.

Ссылки

http://seclists.org/fulldisclosure/2018/Feb/74
Exploit
Mailing List
Third Party Advisory
https://www.exploit-db.com/exploits/44251/
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2018/Feb/74
Exploit
Mailing List
Third Party Advisory
https://www.exploit-db.com/exploits/44251/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:activepdf:activepdf_toolkit:*:*:*:*:*:*:*:*

Версия до 8.1.0.19023 (исключая)

EPSS

Процентиль: 94%

0.1289

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-fch6-4rhp-4hqm

CVSS3: 9.8

github

больше 3 лет назад

The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is prone to multiple out of bounds write and sign errors, allowing a remote attacker to execute arbitrary code on vulnerable applications using the ActivePDF Toolkit to process untrusted images.

EPSS

Процентиль: 94%

0.1289

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-787