Vulnerabilities > CVE-2018-7264 - Out-of-bounds Write vulnerability in Activepdf Toolkit

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

activepdf

CWE-787

critical

exploit available

NVD

Published: 2018-02-28

Updated: 2024-11-21

Summary

The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is prone to multiple out of bounds write and sign errors, allowing a remote attacker to execute arbitrary code on vulnerable applications using the ActivePDF Toolkit to process untrusted images.

Vulnerable Configurations

Part	Description	Count
Application	Activepdf Activepdf Activepdf Toolkit 5.4.2.14043 Activepdf Activepdf Toolkit 5.4.3.14134 Activepdf Activepdf Toolkit 5.5.0.15028 Activepdf Activepdf Toolkit 5.5.1.15339 Activepdf Activepdf Toolkit 5.5.2.16278	5

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Exploit-Db

description	ActivePDF Toolkit < 8.1.0.19023 - Multiple Memory Corruptions. CVE-2018-7264. Dos exploit for Windows platform
file	exploits/windows/dos/44251.txt
id	EDB-ID:44251
last seen	2018-05-24
modified	2018-03-05
platform	windows
port
published	2018-03-05
reporter	Exploit-DB
source	https://www.exploit-db.com/download/44251/
title	ActivePDF Toolkit < 8.1.0.19023 - Multiple Memory Corruptions
type	dos

Packetstorm

data source	https://packetstormsecurity.com/files/download/146599/activepdftoolkit-exec.txt
id	PACKETSTORM:146599
last seen	2018-03-01
published	2018-02-27
reporter	Francois Goichon
source	https://packetstormsecurity.com/files/146599/ActivePDF-Toolkit-Code-Execution.html
title	ActivePDF Toolkit Code Execution

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Packetstorm

References