The following four vulnerabilities were disclosed in the Document Filters library and patched in March with build 11.4.2822. Brainware versions 5.6.X, 5.7.X, 5.8.x and 5.8.1 are known to contain vulnerable versions of this library.
Affected Products and Versions:
Brainware 5.6.X, 5.7.X, 5.8, 5.8.1
Fixed Versions:
Brainware 5.8.x Hot Patch for Document Filters 11.4.0.2822
Summary of Risk:
These vulnerabilities allow a properly formatted document that triggers the Document Filters conversion logic to corrupt the system memory, potentially allowing for malicious code execution. Because these vulnerabilities could be used to trigger malicious code, and because of the risks associated with this level of access, they have been given a severity rating of critical. Successful exploitation will result in the attacker being granted the privileges of the user running the associated application.
Brainware’s use of this library is limited to PDF processing, which does not call the vulnerable sections of code. While the Brainware product contains a version of the library with this set of vulnerabilities, it is not vulnerable.
Steps to Remediate:
Customers running 5.6.X or 5.7.X builds will need to upgrade to the Brainware Intelligent Capture 5.8.x Hot Patch for Document Filters 11.4.0.2822 build.
This bulletin has been published out of an abundance of caution to alert customers and partners that this vulnerability was disclosed and mitigated.