usd-2018-0019 | Pdf-Xchange Viewer, Viewer AX SDK/2.5.322.7 and earlier

Advisory ID: usd-2018-0019
CVE Number: CVE-2018-6462
Affected Product: Pdf-Xchange Viewer
Affected Version: 2.5.322.7 and earlier
Vulnerability Type: Heap Overflow
Security Risk: High
Vendor URL: https://www.tracker-software.com
Vendor Status: Fixed

Description

Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document.

There are many ways an attacker could exploit this issue, the most straight forward would be to overflow critical data like function pointers that happen to be allocated next to the heap-chunk that overflows. Calling a function by a function pointer that is controlled by an attacker will give the attacker full control over the running process and the attacker would then be able to run arbitrary code which is considered a very critical vulnerability.

Proof of Concept (PoC)

Not available.

Fix

Issue is fixed in Build 2.5.322.8 on 24. January 2018 by Tracker Software

Timeline

2018-01-23 Sebastian Feldmann first informed Tracker Software about the vulnerability
2018-01-23 Tracker Software urged for information about the security issue
2018-01-24 Tracker Software received the information about the security issue and had them fixed within 24 hours
2018-01-30 Tracker Software published an article about the security issue on their website: Link

Credits

This security vulnerabilities were found by Sebastian Feldmann of usd AG.

usd-2018-0019 | Pdf-Xchange Viewer, Viewer AX SDK/2.5.322.7 and earlier

Description

Proof of Concept (PoC)

Fix

Timeline

Credits

About usd Security Advisories

Disclaimer

usd HeroLab

Contact

Follow Us

LabNews

Security Advisories for SONIX and SAP

The Surprising Complexity of Finding Known Vulnerabilities

Security Advisories for Zimperium and FileCloud