An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
The vulnerability is classified as CWE-73 (External Control of File Name or Path) and results from insufficient validation of file paths during the import process in the application. An attacker can supply a crafted file whose processing results in overwriting critical internal application files. By replacing these files with attacker-controlled content, it is possible to force execution of code supplied by the attacker.
An attacker can lead to arbitrary code execution (RCE) in the context of the application or gain access to sensitive information stored by the application. A network vector without required privileges and user interaction (AV:N/AC:L/PR:N/UI:N) makes this vulnerability particularly dangerous.
Patches available from the vendor should be applied in accordance with the references. Until updates are applied, it is recommended to restrict file import capabilities to trusted sources and monitor activity related to the file import process in the application.
DeftPDF Document Translator v54.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDeftpdf Document Translator
APPDeftpdf54.0