Описание
Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka "Data from Faulting Address may be used as a return value starting at FOXITREADER."
Ссылки
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.0.5 (включая)Версия до 8.0.5 (включая)
Одно из
cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:windows:*:*
cpe:2.3:a:foxitsoftware:reader:*:*:*:*:*:windows:*:*
EPSS
Процентиль: 58%
0.00361
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-125
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka "Data from Faulting Address may be used as a return value starting at FOXITREADER."
EPSS
Процентиль: 58%
0.00361
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-125