CVE-2021-31504

Vulnerability

This vulnerability affects OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). The bug resides in the parsing of PDF files, where the software fails to properly validate a user-supplied value before dereferencing it as a pointer. This flaw exists in the PDF-file parsing component and requires user interaction to trigger (the target must visit a malicious page or open a crafted PDF file) [1].

Exploitation

An attacker can exploit this vulnerability by convincing a user to open a specially crafted PDF file or to navigate to a web page that triggers the file load. No authentication or special network position is required beyond the ability to deliver the malicious file/page to the user. Upon opening the file, the flawed pointer dereference occurs during PDF parsing, allowing the attacker's data to control the program's execution flow [1].

Impact

Successful exploitation grants the attacker arbitrary code execution in the context of the current process (the Brava! Desktop application). This leads to a full compromise of the user's session, potentially allowing the attacker to read, modify, or delete data, install malware, or perform other actions with the privileges of the target user [1].

Mitigation

As of the publication date (2021-08-03) and the ZDI advisory (2021-06-07), no official patch or fixed version was disclosed. OpenText Brava! Desktop users should consult the vendor for updated software or apply recommended workarounds. The vulnerability is not listed as KEV at the time of writing [1]. Users can mitigate risk by avoiding opening untrusted PDF files until a patch is available.