Update PDF.js to v 2.0 and viewer.js in order to provide better answer highlighting in a PDF document (CVE-2018-5158, HIGH, affected) (MINDBREEZE29997)

ID: MINDBREEZE29997 
Affected Components: Mindbreeze InSpire 
Severity: High 
Status: Final 
First published: September 04, 2024 
CVEs: CVE-2024-4367 

Summary

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. 

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 

• Mindbreeze InSpire SaaS 24.5 Release
• Mindbreeze InSpire 24.5 Release