CVE-2021-31506
Description
This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13674.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
OpenText Brava! Desktop Build 16.6.4.55 has an out-of-bounds read in PDF parsing, allowing remote attackers to leak sensitive information via a crafted file.
Vulnerability
OpenText Brava! Desktop Build 16.6.4.55 contains an out-of-bounds read vulnerability in the parsing of PDF files. The flaw stems from a lack of proper validation of user-supplied data within the PDF parsing routine, leading to a read past the end of an allocated data structure. The affected product version is explicitly Build 16.6.4.55 [1].
Exploitation
An attacker must convince a target user to visit a malicious webpage or open a crafted PDF file. No authentication is required, but user interaction is necessary. The attacker does not need any special local privileges; the exploit is delivered remotely through social engineering [1].
Impact
Successful exploitation results in the disclosure of sensitive information (confidentiality impact) from the application's memory. While the direct consequence is an information leak, an attacker could potentially combine this flaw with other vulnerabilities to achieve arbitrary code execution in the context of the current process [1].
Mitigation
According to the available reference, no official patch or updated version has been mentioned as of the advisory publication date (June 7, 2021). Users should contact OpenText for the latest fixes, consider restricting access to untrusted PDF files, and apply any updates when they become available [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = Build 16.6.4.55
- OpenText/Brava! Desktop, v5, Range: Build 16.6.4.55
Patches
No patches discovered yet.
References
[1] www.zerodayinitiative.com/advisories/ZDI-21-647/ (mitre, x_refsource_MISC)