cvedb.io
CVE-2019-5019
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2019-03-07T20:29:00.390 · Last modified 2026-06-17T02:36:59.787

Summary

A heap-based overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro R1 (7,0,2018,1113). While parsing Document Summary Property Set stream, the getSummaryInformation function is incorrectly checking the correlation between size and the number of properties in PropertySet packets, causing an out-of-bounds write that leads to heap corruption and consequent code execution.

Affected products

rainbowpdf — office_server_document_converter

Does this affect you?

Add your gear to cvedb and we'll alert you only when rainbowpdf ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.