Information Disclosure Vulnerability in OpenText Brava! Desktop Software
CVE-2021-31506

3.3LOW

Key Information:

Vendor: Opentext
Status: Brava! Desktop
Vendor: CVE Published:; 29 June 2021

Summary

A vulnerability exists in OpenText Brava! Desktop that permits remote attackers to disclose sensitive information through malicious PDF files. The flaw arises from the inadequate validation of user-supplied data during the PDF parsing process, which can lead to the ability to read beyond the end of an allocated data structure. Successful exploitation of this issue requires user interaction, as the victim must either visit a malicious webpage or open a compromised file. This vulnerability may also be exploited in conjunction with other vulnerabilities to execute arbitrary code within the context of the current process.

Affected Version(s)

Brava! Desktop Build 16.6.4.55

References

https://www.zerodayinitiative.com/advisories/ZDI-21-647/

x_refsource_MISC

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 29, 2021
Vulnerability Reserved
Apr 16, 2021

Credit

Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative