CVE-2016-8877

Опубликовано: 31 окт. 2016

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted JPEG2000 image embedded in a PDF document, aka a "corrupted suffix pattern" issue.

Ссылки

http://www.securityfocus.com/bid/93608
Third Party Advisory
VDB Entry
https://www.foxitsoftware.com/support/security-bulletins.php
Patch
Vendor Advisory
http://www.securityfocus.com/bid/93608
Third Party Advisory
VDB Entry
https://www.foxitsoftware.com/support/security-bulletins.php
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:windows:*:*

Версия до 8.0.5 (включая)

cpe:2.3:a:foxitsoftware:reader:*:*:*:*:*:windows:*:*

Версия до 8.0.5 (включая)

EPSS

Процентиль: 67%

0.00534

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-657x-vc25-h3jg