17 Sep 2018
CVE-2018-14320 - CVE Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673. (CVSS:0.0) (Last Update:2018-09-17)
Vulnerability Details : This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673. Publish Date : 2018-09-17 Last Update Date : 2018-09-17 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2018-14320
- References For CVE-2018-14320
| ||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2018-14320There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |