CVE-2018-3962

Опубликовано: 02 окт. 2018

Источник: nvd

CVSS3: 8

CVSS3: 7.3

CVSS2: 6

EPSS Низкий

Описание

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the CreationDate property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

Ссылки

http://www.securitytracker.com/id/1041769
Broken Link
Third Party Advisory
VDB Entry
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0628
Third Party Advisory
https://www.foxitsoftware.com/support/security-bulletins.php
Patch
Vendor Advisory
http://www.securitytracker.com/id/1041769
Broken Link
Third Party Advisory
VDB Entry
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0628
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:*:*:*

Версия до 9.2.0.9297 (включая)

cpe:2.3:a:foxitsoftware:reader:*:*:*:*:*:*:*:*

Версия до 9.2.0.9297 (включая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.0022

Низкий

8 High

CVSS3

7.3 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-416

Связанные уязвимости

GHSA-5q58-xhg6-989p

CVSS3: 7.3

github

больше 3 лет назад

EPSS

Процентиль: 44%

0.0022

Низкий

8 High

CVSS3

7.3 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-416