Vulnerability Spotlight: Google PDFium JBIG2 Image ComposeToOpt2WithRect Information Disclosure Vulnerability

Discovered by Aleksandar Nikolic of Cisco Talos Overview Cisco Talos is releasing details of a new vulnerability in Google PDFium’s JBIG2 library. An exploitable out-of-bounds read on the heap vulnerability exists in the JBIG2-parsing code in Google Chrome, version 67.0.3396.99. A specially crafted PDF document can trigger an out-of-bounds read, which can possibly lead to an information leak.

You can read the full article here.