Tuesday, September 17, 2019

Vulnerability Spotlight: Multiple vulnerabilities in Aspose PDF API


Marcin Noga of Cisco Talos discovered these vulnerabilities.

Cisco Talos recently discovered multiple remote code execution vulnerabilities in the Aspose.PDF API. Aspose provides a series of APIs for manipulating or converting a large family of document formats. These vulnerabilities exist in APIs that help process PDFs. An attacker could exploit these vulnerabilities by sending a specially crafted, malicious file to the target and tricking them into opening it while using the corresponding API.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Aspose to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

Aspose.PDF FunctionType 0 remote code execution vulnerability (TALOS-2019-0809/CVE-2019-5042)

An exploitable use-after-free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability. 

Read the complete vulnerability advisory here for additional information. 

Aspose.PDF for C++ LZWDecode filter predictor remote code execution vulnerability (TALOS-2019-0855/CVE-2019-5066)

An exploitable use-after-free vulnerability exists in the way LZW compressed streams are processed in Aspose.PDF 19.2. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application.

Read the complete vulnerability advisory here for additional information.

Aspose.PDF for C++ parent generation remote code execution vulnerability (TALOS-2019-0856/CVE-2019-5067)

An uninitialized memory access vulnerability exists in the way Aspose.PDF for C++ 19.2 handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application.

Read the complete vulnerability advisory here for additional information. 

Versions tested

Talos tested and confirmed that these vulnerabilities affect Aspose.PDF, version 19.2.

Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 50730, 50731, 50738, 50739
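
As a file-level complement to the network rules above, the following added example (not Talos or Aspose code) flags PDF objects that would exercise the FunctionType 0 and LZWDecode predictor parsing paths named in the advisories, so such files can be held back from an unpatched Aspose.PDF deployment. The matching heuristics, function names and sample bytes are assumptions constructed for this illustration; a hit means the file reaches the affected parsers, not that it is malicious.

```python
import re

# Constructed sample: four PDF objects, no real exploit content.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /FunctionType 0 /Domain [0 1] /Range [0 1] /Size [2]"
    b" /BitsPerSample 8 /Length 2 >>\nstream\n\x00\xff\nendstream\nendobj\n"
    b"2 0 obj\n<< /Filter /LZW#44ecode /DecodeParms << /Predictor 12"
    b" /Columns 4 >> /Length 4 >>\nstream\n\x80\x0b\x60\x50\nendstream\nendobj\n"
    b"3 0 obj\n<< /Filter /LZWDecode /Length 4 >>\n"
    b"stream\n\x80\x0b\x60\x50\nendstream\nendobj\n"
    b"4 0 obj\n<< /FunctionType 2 /Domain [0 1] /C0 [0] /C1 [1] /N 1 >>\nendobj\n"
)

_STREAM = re.compile(rb"stream\r?\n.*?endstream", re.DOTALL)
_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_OBJ = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
_FUNC0 = re.compile(rb"/FunctionType\s+0(?![0-9.])")
_LZW = re.compile(rb"/LZWDecode(?![A-Za-z0-9])")
_PREDICTOR = re.compile(rb"/Predictor\s+(\d+)")
_OBJSTM = re.compile(rb"/Type\s*/ObjStm(?![A-Za-z0-9])")


def normalize(data: bytes) -> bytes:
    """Blank out stream bodies, then decode #XX escapes in PDF names
    so that /LZW#44ecode is seen as /LZWDecode."""
    data = _STREAM.sub(b"stream\nendstream", data)
    return _ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def triage(data: bytes) -> list[tuple[int, str]]:
    """Return (object number, reason) for objects touching the affected parsers."""
    findings = []
    for m in _OBJ.finditer(normalize(data)):
        num, body = int(m.group(1)), m.group(3)
        if _FUNC0.search(body):
            findings.append((num, "FunctionType 0"))
        # Predictor 1 means "no prediction"; only values above 1 run predictor code.
        if _LZW.search(body) and any(int(p) > 1 for p in _PREDICTOR.findall(body)):
            findings.append((num, "LZWDecode with Predictor"))
        # Objects packed in an object stream are compressed and not visible here.
        if _OBJSTM.search(body):
            findings.append((num, "ObjStm: contents not inspected"))
    return findings


if __name__ == "__main__":
    for num, reason in triage(SAMPLE):
        print(f"object {num}: {reason}")
```

Files that report an `ObjStm` finding need a full PDF parser to decompress the object stream before the same checks can be applied to the objects inside it.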

