Vulnerabilities > CVE-2019-5030 - Out-of-bounds Write vulnerability in Antennahouse Rainbow PDF Office Server Document Converter 7.0.2019.0220

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

antennahouse

CWE-787

NVD

Published: 2019-10-31

Updated: 2022-06-07

Summary

A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 (7,0,2019,0220). While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the bounds corresponding to the number of style levels, causing a vtable pointer to be overwritten, which leads to code execution.

Vulnerable Configurations

Part	Description	Count
Application	Antennahouse Antennahouse Rainbow PDF Office Server Document Converter 7.0.2019.0220	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Talos

id	TALOS-2019-0792
last seen	2019-11-07
published	2019-05-14
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0792
title	Antenna House Rainbow PDF Office server document converter TxMasterStyleAtom parsing code execution vulnerability

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0792