CVE-2018-7264
published 2018-02-28CVE-2018-7264: The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is prone to multiple out of bounds write and sign errors…
PriorityP268critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
12.99%
95.8th percentile
The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is prone to multiple out of bounds write and sign errors, allowing a remote attacker to execute arbitrary code on vulnerable applications using the ActivePDF Toolkit to process untrusted images.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| activepdf | activepdf_toolkit | < 8.1.0.19023 | 8.1.0.19023 |
Detection & IOCsextracted from sources · hover to see the quote
bytes↗
header = pack("IIIIIII", 0x59A66A95, 0x100, 1, 8, 0, 2, 1)bytes↗
header = "\x00\x01\x00"
- →Exploit targets the Pictview image processing library embedded in ActivePDF Toolkit; monitor for processing of untrusted .iff, .ras, and .bpx/.tga image files through ActivePDF Toolkit versions through 2018.1.0.18321 ↗
- →Exploit PoC crafts malicious IFF, Sun Raster (.ras), and Truevision Targa (.bpx) image files with oversized or sign-manipulated fields to trigger out-of-bounds write; detect anomalous image files with magic bytes 0x59A66A95 (Sun Raster) submitted to ActivePDF processing endpoints ↗
- →Successful exploitation results in EIP control with value 0x41414141 (AAAA); monitor for crashes or access violations in ActivePDF Toolkit processes with EIP=41414141 ↗
- →Affected file types include Zoner Draw images (.zmf, .zbr) and Truevision Targa images (.bpx); flag submission of these file types to ActivePDF Toolkit for inspection ↗
- →Affected file types include Truevision Targa images (.bpx); flag submission of these file types to ActivePDF Toolkit for inspection ↗
- ·This fix also addresses the related ZDI-16-354 vulnerability, as both shared the same Pictview library component ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2018-02-28
Published