Mobile Dynamix PrinterShare Out-of-Bounds Write Vulnerability Allowing Memory Corruption and Potential Arbitrary Code Execution
Vulnerability
A vulnerability allowing out-of-bounds write has been identified in Mobile Dynamix PrinterShare Mobile Print, specifically in versions prior to 12.15.01 on the Android platform. This vulnerability arises in the native library responsible for PDF rendering, where improper bounds checking allows for memory corruption. Exploitation of this issue could lead to arbitrary code execution.
Impact
Exploitation of this vulnerability causes a process crash due to memory access violations, but also allows for memory corruption that could be leveraged for arbitrary code execution.
Reproduction
The vulnerability can be reproduced on a rooted Samsung Galaxy Tab A7 Lite running Android 13. By using the Frida dynamic instrumentation toolkit, the native PDF rendering function can be hooked and manipulated. A crafted PDF file with extreme dimensions is created and then processed by the application, triggering the out-of-bounds write vulnerability. This manipulation causes memory corruption, which can be exploited to execute arbitrary code.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.