CVE-2018-19343

Опубликовано: 17 нояб. 2018

Источник: nvd

CVSS3: 7.1

CVSS2: 5.8

EPSS Низкий

Описание

The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read), obtain sensitive information, or possibly have unspecified other impact via a U3D sample because of a "Data from Faulting Address controls Code Flow starting at U3DBrowser!PlugInMain+0x00000000000f43ff" issue.

Ссылки

https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/10/2018/11/2018-11-10/index.html
Broken Link
Third Party Advisory
https://yan-1-20.github.io/2018/11/10/2018/11/2018-11-10/
Broken Link
Third Party Advisory
https://www.foxitsoftware.com/support/security-bulletins.php
Vendor Advisory
https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/10/2018/11/2018-11-10/index.html
Broken Link
Third Party Advisory
https://yan-1-20.github.io/2018/11/10/2018/11/2018-11-10/
Broken Link
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:foxitsoftware:foxit_reader:9.3.0.10826:*:*:*:*:*:*:*

cpe:2.3:a:foxitsoftware:u3d:9.3.0.10809:*:*:*:*:*:*:*

EPSS

Процентиль: 22%

0.00071

Низкий

7.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-2hcp-v799-49gj