CVE-2019-5019
CRITICAL 9.8
Description
A heap-based overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro R1 (7,0,2018,1113). While parsing the Document Summary Property Set stream, the getSummaryInformation function incorrectly checks the correlation between the size and the number of properties in PropertySet packets, causing an out-of-bounds write that leads to heap corruption and consequent code execution.
CVE Details
CVSS v3.1 Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 3/7/2019
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
rainbowpdf:office_server_document_converter
Weaknesses (CWE)
CWE-122
CWE-787
References
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0780 (talos-cna@cisco.com)
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0780 (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.