Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5067 | 1 Aspose | 1 Aspose.pdf For C\+\+ | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application. | |||||
| CVE-2019-5066 | 1 Aspose | 1 Aspose.pdf For C\+\+ | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application. | |||||
| CVE-2019-5042 | 1 Aspose | 1 Aspose.pdf For C\+\+ | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability. | |||||