Heap Overflow Vulnerability in Lexmark Perceptive Document Filters
CVE-2016-5646

7.8HIGH

Key Information:

Vendor: Lexmark
Status: Perceptive Document Filters
Vendor: CVE Published:; 6 January 2017

What is CVE-2016-5646?

A heap overflow vulnerability exists within the Compound Binary File Format (CBFF) parser of Lexmark's Perceptive Document Filters library. This flaw can be exploited when an attacker sends a specially crafted CBFF file, leading to potential arbitrary code execution. Proper validation and sanitization of input files are critical to mitigate this severe security risk.

Affected Version(s)

Perceptive Document Filters 11.2.0.1732

References

http://www.talosintelligence.com/reports/TALOS-2016-0185/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 6, 2017
Vulnerability Reserved
Jun 16, 2016