Vulnerabilities > CVE-2019-5066 - Use After Free vulnerability in Aspose Aspose.Pdf for C++ 19.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Talos
id | TALOS-2019-0855 |
last seen | 2019-09-20 |
published | 2019-09-17 |
reporter | Talos Intelligence |
source | http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0855 |
title | Aspose.PDF for C++ LZWDecode filter predictor remote code execution vulnerability |