CVE-2021-31502
Description
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13673.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Use-after-free in OpenText Brava! Desktop PDF parsing allows remote code execution via malicious PDF.
Vulnerability
This vulnerability is a use-after-free in the parsing of PDF files within OpenText Brava! Desktop Build 16.6.4.55. The issue arises because the program does not validate the existence of an object before performing operations on it, leading to memory corruption. User interaction is required, as the target must open a malicious PDF file or visit a malicious page that triggers the PDF parser. [1]
Exploitation
An attacker can exploit this vulnerability by crafting a PDF file and convincing a user to open it, or by directing the user to a malicious web page that loads the PDF. No authentication or special network access is required beyond the user's environment. The flaw is reachable via the PDF parsing code path, and successful exploitation results in arbitrary code execution within the context of the current user process. [1]
Impact
Attackers can achieve arbitrary code execution with the privileges of the current user, leading to full compromise of confidentiality, integrity, and availability. The CVSS score is 7.8 (High) under the vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. [1]
Mitigation
As of the ZDI advisory publication (June 2, 2021), no official patch was available. Users are advised to verify with OpenText for updates. Until a fix is applied, avoid opening untrusted PDF files to reduce risk. [1]
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =16.6.4.55
- OpenText/Brava! Desktop (v5), Range: Build 16.6.4.55
Patches
No patches discovered yet.
References
- [1] www.zerodayinitiative.com/advisories/ZDI-21-642/ (mitre, x_refsource_MISC)