Overview

Talos is disclosing a pair of code execution vulnerabilities in Lexmark Perceptive Document Filters. Perceptive Document Filters are a series of libraries that are used to parse massive amounts of different types of file formats for multiple purposes. Talos has previously discussed in detail these filters and how they operate. The software update to resolve these vulnerabilities can be found here.

TALOS-2017-0322

Discovered by Marcin Noga of Cisco Talos

TALOS-2017-0322 / CVE-2017-2821 is a code execution vulnerability in the PDF parsing functionality of the Lexmark Perceptive Document Filters. This particular vulnerability is an use-after-free issue related to the 'GfxFont' variable and can be triggered via a specially crafted PDF document resulting in code execution. Full details of the vulnerability are available here.

TALOS-2017-0323

Discovered by Marcin Noga & Lillyth Wyatt of Cisco Talos

TALOS-2017-0323 / CVE-2017-2822 is a code execution vulnerability in the image rendering functionality of Lexmark Perceptive Document Filters. This particular vulnerability can be triggered via a specially crafted PDF document causing a function call to a corrupted DCTStream, eventually resulting in user controlled data being written to the stack. Full details of the vulnerability are available here.

Coverage

The following Snort rules will detect exploitation attempts. Note that additional rules may be released at a future date, and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your FireSIGHT Management Center or Snort.org.

Snort Rule: 42313-42314, 42399-42400