An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially…
talos·CWE-416·Published 2019-09-18
An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application.
An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application.
Se presenta una vulnerabilidad de acceso a la memoria no inicializada en la manera en que Aspose.PDF versión 19.2 para C++ maneja los punteros de objetos primarios no válidos. Un PDF especialmente diseñado puede causar una lectura y escritura desde la memoria no inicializada, resultando en la corrupción de la memoria y posiblemente en la ejecución de código arbitrario. Para desencadenar esta vulnerabilidad, un documento PDF específicamente diseñado debe ser procesado por la aplicación de destino.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 7.5 | 10.0 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| 3.0 | Primary | cve.org | 9.8 | — | — | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.0 | Primary | cve.org | 9.8 | — | — | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.0 | Secondary | NVD | 9.8 | 3.9 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | Primary | NVD | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |