
Vulnerability Spotlight: Google PDFium JBIG2 Image ComposeToOpt2WithRect Information Disclosure Vulnerability
Discovered by Aleksandar Nikolic of Cisco Talos
Overview
Cisco Talos is releasing details of a new vulnerability in Google PDFium’s JBIG2 library. An exploitable out-of-bounds read on the heap vulnerability exists in the JBIG2-parsing code in Google Chrome, version 67.0.3396.99. A specially crafted PDF document can trigger an out-of-bounds read, which can possibly lead to an information leak. That leak could be used as part of an exploit. An attacker needs to trick the user into visiting a malicious site to trigger the vulnerability.
In accordance with our coordinated disclosure policy, Cisco Talos has worked with Google to ensure that these issues have been resolved and that an update has been made available for affected users. It is recommended that this update is applied as quickly as possible to ensure that systems are no longer affected by this vulnerability.
from Cisco Blog » Security https://ift.tt/2O4nGFi
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.