| ID |
CVE-2018-7264
|
| Summary |
The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is prone to multiple out of bounds write and sign errors, allowing a remote attacker to execute arbitrary code on vulnerable applications using the ActivePDF Toolkit to process untrusted images. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:activepdf:activepdf_toolkit:5.4.2.14043:*:*:*:*:*:*:*
cpe:2.3:a:activepdf:activepdf_toolkit:5.4.2.14043:*:*:*:*:*:*:*
-
cpe:2.3:a:activepdf:activepdf_toolkit:5.4.3.14134:*:*:*:*:*:*:*
cpe:2.3:a:activepdf:activepdf_toolkit:5.4.3.14134:*:*:*:*:*:*:*
-
cpe:2.3:a:activepdf:activepdf_toolkit:5.5.0.15028:*:*:*:*:*:*:*
cpe:2.3:a:activepdf:activepdf_toolkit:5.5.0.15028:*:*:*:*:*:*:*
-
cpe:2.3:a:activepdf:activepdf_toolkit:5.5.1.15339:*:*:*:*:*:*:*
cpe:2.3:a:activepdf:activepdf_toolkit:5.5.1.15339:*:*:*:*:*:*:*
-
cpe:2.3:a:activepdf:activepdf_toolkit:5.5.2.16278:*:*:*:*:*:*:*
cpe:2.3:a:activepdf:activepdf_toolkit:5.5.2.16278:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 7.5 (as of 23-03-2018 - 16:02) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-787 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| refmap
via4
|
| exploit-db | 44251 | | fulldisc | 20180227 ActivePDF Toolkit < 8.1.0 multiple RCE |
|
| Last major update |
23-03-2018 - 16:02 |
| Published |
28-02-2018 - 17:29 |
| Last modified |
23-03-2018 - 16:02 |
