CVE-2019-5067 - Use of Uninitialized Resource vulnerability in Aspose Aspose.Pdf for C++ 19.2

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, low complexity, aspose, CWE-908, critical

Summary

An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application.

Vulnerable Configurations

Part          Description   Count
Application   Aspose        1

Common Weakness Enumeration (CWE)

Talos

id: TALOS-2019-0856
last seen: 2019-09-20
published: 2019-09-17
reporter: Talos Intelligence
source: http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0856
title: Aspose.PDF for C++ parent generation remote code execution vulnerability