CVE-2019-5042
Description
An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A use-after-free in Aspose.PDF for C++ 19.2 when processing FunctionType 0 PDF elements allows remote code execution via a crafted PDF.
Vulnerability
A use-after-free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF for C++ version 19.2 [1]. The flaw occurs when a specially crafted PDF triggers improper memory management, causing a dangling heap pointer that is subsequently accessed [1]. This affects applications that parse untrusted PDF files using the vulnerable library.
Exploitation
An attacker can exploit this vulnerability by sending a malicious PDF file to a user or service that processes PDFs with Aspose.PDF for C++ 19.2 [1]. No special privileges are required beyond the ability to deliver the file; user interaction is needed to open the PDF [1]. The attacker does not need network access to the target beyond delivering the payload.
Impact
Successful exploitation leads to code execution in the context of the process using the library. Given the CVSSv3 score of 8.8 (High), the impact on confidentiality, integrity, and availability is considered high [1]. An attacker could potentially achieve remote code execution, data corruption, or denial of service.
Mitigation
As of the publication date (2019-09-18), no patched version has been disclosed in the available references [1]. Users should update Aspose.PDF to a later version once a fix is released, or implement strict input validation and sandboxing for PDF processing [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: = 19.2
- Talos/Aspose.PDF for C++v5Range: 19.2
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"A heap object allocated during FunctionType 0 PDF element parsing is freed while a dangling pointer remains, leading to a use-after-free."
Attack vector
An attacker crafts a PDF containing a FunctionType 0 object with a `/FunctionType 0` dictionary and an accompanying stream. When Aspose.PDF for C++ parses this PDF, it allocates a 0x78-byte heap object during FunctionType processing. A subsequent operation frees this object without clearing the pointer, leaving a dangling reference. The attacker can then trigger a use-after-free by causing the library to access the freed memory, leading to a crash or potential code execution [CWE-416] [ref_id=1].
Affected code
The vulnerability resides in the FunctionType 0 PDF element parsing code within Aspose.PDF_vc141x64.dll. A heap object of size 0x78 is allocated and initialized during parsing, but later freed while a dangling pointer remains accessible. The crash occurs in `System::Collections::Generic::Dictionary<System::String,System::String>::begin+0x8b` when the freed memory is accessed [ref_id=1].
What the fix does
The vendor patched the vulnerability on 2019-09-16 and released the fix publicly on 2019-09-17 [ref_id=1]. While the advisory does not include a patch diff, the remediation addresses the dangling pointer condition by ensuring that after the heap object is freed, no subsequent access occurs through the stale pointer. Users should update to a version of Aspose.PDF for C++ newer than 19.2 to close the vulnerability [ref_id=1].
Preconditions
- configThe target application must use Aspose.PDF for C++ version 19.2 to parse a PDF document
- inputThe attacker must supply a specially crafted PDF containing a FunctionType 0 object
- authNo authentication is required beyond the ability to submit a PDF for processing
- networkThe attack is network-reachable (CVSS:3.0/AV:N)
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1- www.talosintelligence.com/vulnerability_reports/TALOS-2019-0809mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.