Описание
Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image embedded in the XFA stream in a PDF document, aka "Read Access Violation starting at FoxitReader."
Ссылки
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.0.5 (включая)Версия до 8.0.5 (включая)
Одно из
cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:windows:*:*
cpe:2.3:a:foxitsoftware:reader:*:*:*:*:*:windows:*:*
EPSS
Процентиль: 58%
0.00361
Низкий
7.5 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-125
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image embedded in the XFA stream in a PDF document, aka "Read Access Violation starting at FoxitReader."
EPSS
Процентиль: 58%
0.00361
Низкий
7.5 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-125