CVE-2018-3942

Опубликовано: 08 окт. 2018

Источник: nvd

CVSS3: 8

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability.

Ссылки

http://www.securitytracker.com/id/1041769
Third Party Advisory
VDB Entry
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0609
Exploit
Third Party Advisory
https://www.foxitsoftware.com/support/security-bulletins.php
Patch
Vendor Advisory
http://www.securitytracker.com/id/1041769
Third Party Advisory
VDB Entry
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0609
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:*:*:*

Версия до 9.2.0.9297 (включая)

cpe:2.3:a:foxitsoftware:reader:*:*:*:*:*:*:*:*

Версия до 9.2.0.9297 (включая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 50%

0.00268

Низкий

8 High

CVSS3

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-416

Связанные уязвимости

GHSA-q2p4-qwrr-rmwf

CVSS3: 7.8

github

больше 3 лет назад

EPSS

Процентиль: 50%

0.00268

Низкий

8 High

CVSS3

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-416