Vulnerability Description
The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is prone to multiple out of bounds write and sign errors, allowing a remote attacker to execute arbitrary code on vulnerable applications using the ActivePDF Toolkit to process untrusted images.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Activepdf | Activepdf Toolkit | < 8.1.0.19023 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2018/Feb/74ExploitMailing ListThird Party Advisory
- https://www.exploit-db.com/exploits/44251/ExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2018/Feb/74ExploitMailing ListThird Party Advisory
- https://www.exploit-db.com/exploits/44251/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2018-7264?
CVE-2018-7264 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is prone to multiple out of bounds write and sign errors, allowing a remote attacker to execute arbitrary...
How severe is CVE-2018-7264?
CVE-2018-7264 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-7264?
Check the references section above for vendor advisories and patch information. Affected products include: Activepdf Activepdf Toolkit.