usd-2018-0019 | Pdf-Xchange Viewer, Viewer AX SDK/2.5.322.7 and earlier
Advisory ID: usd-2018-0019
CVE Number: CVE-2018-6462
Affected Product: Pdf-Xchange Viewer
Affected Version: 2.5.322.7 and earlier
Vulnerability Type: Heap Overflow
Security Risk: High
Vendor URL: https://www.tracker-software.com
Vendor Status: Fixed
Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document.
There are many ways an attacker could exploit this issue, the most straight forward would be to overflow critical data like function pointers that happen to be allocated next to the heap-chunk that overflows. Calling a function by a function pointer that is controlled by an attacker will give the attacker full control over the running process and the attacker would then be able to run arbitrary code which is considered a very critical vulnerability.
Proof of Concept
Issue is fixed in Build 2.5.322.8 on 24. January 2018 by Tracker Software
- 2018-01-23 Sebastian Feldmann first informed Tracker Software about the vulnerability
- 2018-01-23 Tracker Software urged for information about the security issue
- 2018-01-24 Tracker Software received the information about the security issue and had them fixed within 24 hours
- 2018-01-30 Tracker Software published an article about the security issue on their website: Link
This security vulnerabilities were found by Sebastian Feldmann of usd AG.
ABOUT usd SECURITY ADVISORIES
In order to protect businesses against hackers and criminals, we always have to keep our skills and knowledge up to date. Thus, security research is just as important for our work as is building up a security community to promote the exchange of knowledge. After all, more security can only be achieved if many individuals take on the task.
Our CST Academy and our usd HeroLab are essential parts of our security mission. We share the knowledge we gain in our practical work and our research through training courses and publications. In this context, the usd HeroLab publishes a series of papers on new vulnerabilities and current security issues.
Always for the sake of our mission: „more security.“
In accordance with usd AG’s Responsible Disclosure Policy, all vendors have been notified of the existence of these vulnerabilities.
The information provided in this security advisory is provided „as is“ and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible.