Able2Extract Professional, a cross-platform PDF tool for Windows, Mac and Linux, has more than 250,000 licensed users across 135 countries. It lets users view, convert and edit PDF files.
Security experts at Cisco Talos discovered two high-severity memory corruption vulnerabilities that could be exploited to execute arbitrary code on the targeted machine.
The vulnerabilities, tracked as CVE-2019-5088 and CVE-2019-5089, can be triggered using specially crafted JPEG or BMP image files. An attacker could trigger an out-of-bounds memory write by tricking a user into opening such a file in Able2Extract Professional.
The vulnerabilities affect Able2Extract Professional version 14.0.7 x64.
Talos researchers reported the vulnerabilities to Investintech on August 1, and a new version addressing the issues was released on November 1.
The researchers have made the technical details for both vulnerabilities available. Flaws of this kind could be useful to attackers because Able2Extract Professional has a large user base.