

This function will first identify what type of colorspace was selected by the creator of the page. This is done by first checking the colorspace name against the “/ICCBased” atom. First, the function will load the 64-bit number representing the “ICCBased” atom. If this is uninitialized, the application will pass the string to the ASAtomFromString function at. Afterwards at, the application will pass a string to the “ICCBased” atom and then compare it against the atom representing the selected ColorSpace. As this advisory involves the “/Indexed” colorspace, the application will continue on and check the next colorspace type. Next, the application will load the 64-bit integer representing the “Indexed” atom.

When the application is rendering a page, it must interpret a number of commands in order to build the contents of the page. When a colorspace is chosen by the contents of the page, the following function is executed. Later when loading colors into this buffer, a buffer overflow will occur.

When creating a page for a document, the creator is allowed to specify the colorspace to use when drawing the page’s different components. One of the available colorspaces is the “Indexed” colorspace, which allows the creator to include an indexed color palette in the document to use for coloring the different parts of a page. When the application renders the page, it will allocate space for the indexed color palette and load colors into the allocated space. Due to an integer overflow, the application can miscalculate the size of the indexed palette, resulting in an undersized buffer.
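The following C sketch is an added example, not Nitro Pro's code or anything taken from the advisory. It shows the general CWE-680 pattern for an indexed palette, whose size under the PDF specification is (hival + 1) times the number of base colorspace components, next to a checked version. The 32-bit arithmetic, the function names and the component cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define INDEXED_MAX_HIVAL 255u /* PDF spec limit for hival */
#define MAX_COMPONENTS 32u     /* assumed sanity cap on base components */

/* Unchecked 32-bit size: wraps for large inputs (the CWE-680 pattern). */
uint32_t palette_size_unchecked(uint32_t hival, uint32_t ncomp) {
    return (hival + 1u) * ncomp;
}

/* Checked size: 0 on success, -1 if the parameters are out of range. */
int palette_size_checked(uint32_t hival, uint32_t ncomp, size_t *out) {
    if (hival > INDEXED_MAX_HIVAL) return -1;
    if (ncomp == 0 || ncomp > MAX_COMPONENTS) return -1;
    *out = ((size_t)hival + 1u) * ncomp; /* at most 256 * 32, cannot wrap */
    return 0;
}

/* Copy the lookup table only when it holds at least the validated size. */
uint8_t *load_palette(uint32_t hival, uint32_t ncomp,
                      const uint8_t *lookup, size_t lookup_len, size_t *out_len) {
    size_t need;
    if (palette_size_checked(hival, ncomp, &need) != 0) return NULL;
    if (lookup == NULL || lookup_len < need) return NULL;
    uint8_t *buf = malloc(need);
    if (buf == NULL) return NULL;
    memcpy(buf, lookup, need);
    *out_len = need;
    return buf;
}

int main(void) {
    /* Constructed sample: 2 RGB entries, then an oversized hival. */
    const uint8_t lookup[6] = {255, 0, 0, 0, 0, 255};
    size_t n = 0;
    uint8_t *p = load_palette(1, 3, lookup, sizeof lookup, &n);
    printf("valid palette: %zu bytes\n", p ? n : (size_t)0);
    free(p);
    printf("unchecked size for hival=0x55555555: %u bytes\n",
           (unsigned)palette_size_unchecked(0x55555555u, 3u));
    printf("checked load rejected: %s\n",
           load_palette(0x55555555u, 3, lookup, sizeof lookup, &n) ? "no" : "yes");
    return 0;
}
```

The unchecked calculation returns 2 bytes for a palette that claims over a billion entries, which is the undersized allocation the paragraph above describes; the checked path rejects the same input before any allocation happens.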
The Nitro Pro application allows users to read, modify, and create documents that follow the Portable Document Format standard. This is supported by their Nitro Pro application as part of their Nitro Productivity Suite.
develops commercial software used to create, edit, sign, and secure Portable Document Format files and digital documents. This product allows users to create and modify documents that follow the Portable Document Format (PDF) specification and other digital documents. Nitro Pro is Nitro Software’s PDF editor and flagship product. includes their flagship product, Nitro Pro as part of their Nitro Productivity Suite. Tested Versions. 8.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. CWE: CWE-680 - Integer Overflow to Buffer Overflow. Details: A specially crafted document must be loaded by a victim in order to trigger this vulnerability.
An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its colors. When using this allocated buffer, the application can write outside its bounds and cause memory corruption which can lead to code execution.
