Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.

Cisco Talos recently discovered two remote code execution vulnerabilities in Investintech’s Able2Extract Professional. This software is a cross-platform PDF tool for Windows, Mac and Linux that converts PDFs and allows users to create and edit them. Other features include PDF signing,

redactions and annotations. An attacker could exploit these vulnerabilities to execute arbitrary code on the victim machine.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Investintech to ensure that these issues are resolved and that updates are available for affected customers on various operating systems.

Vulnerability details Investintech Able2Extract professional JPEG decoding code execution vulnerability (TALOS-2019-0881/CVE-2019-5089)

An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional. A specially crafted JPEG file can cause an out-of-bounds memory write, allowing an attacker to execute arbitrary code on the victim machine. An attacker could exploit this vulnerability by providing the user with a specially crafted JPEG file.

Read the complete vulnerability advisory here for additional information.

Investintech Able2Extract professional JPEG decoding code execution vulnerability (TALOS-2019-0880/CVE-2019-5088)

An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional. A specially crafted BMP file can cause an out-of-bounds memory write, allowing a potential attacker to execute arbitrary code on the victim machine. A user could trigger this vulnerability by sending the user a specially crafted BMP file.

Read the complete vulnerability advisory here for additional information.

Versions tested Talos tested and confirmed that Investintech Able2Extract Professional, version 14.0.7 x64, is susceptible to these vulnerabilities.

Coverage The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 50864 - 50869