CVE-2021-31491

Vulnerability

This vulnerability exists in OpenText Brava! Desktop version 16.6.3.84. The bug resides in the parsing of DWF files, where the application fails to properly validate user-supplied data, leading to a write past the end of an allocated buffer. This condition allows remote attackers to execute arbitrary code on affected installations. User interaction is required: the target must visit a malicious page or open a malicious file [1].

Exploitation

An attacker can exploit this vulnerability by crafting a malicious DWF file and delivering it to the target via a webpage or direct file transfer. No special network position or authentication is required beyond the victim's willingness to open the file. Once the victim opens the malicious DWF in Brava! Desktop, the flawed parsing logic triggers an out-of-bounds write, which the attacker can leverage to achieve arbitrary code execution [1].

Impact

Successful exploitation results in arbitrary code execution within the context of the current process. This means the attacker gains the same privileges as the logged-in user, potentially leading to full compromise of confidentiality, integrity, and availability of the affected system [1].

Mitigation

OpenText (formerly known as Brava!) has not released a fixed version in the available references; the ZDI advisory notes that the vendor was contacted but no patch was made available. Users should consider restricting interaction with untrusted DWF files and applying least-privilege principles. As of the publication date, this vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog [1].