KLA10948
Denial of service and code execution vulnerability in Foxit Reader and Foxit PhantomPDF

Updated: 06/03/2020
Detect date: 01/23/2017
Severity: High
Description

An out-of-bounds read vulnerability was found in the ConvertToPDF plugin in Foxit Reader and PhantomPDF. By exploiting this vulnerability, malicious users can cause a denial of service, possibly obtain sensitive information, or execute arbitrary code in the context of the current process. The vulnerability can be exploited remotely via a specially crafted JPEG image.


Technical details

The vulnerability can be exploited only if the gflags app is enabled.

Affected products

Foxit Reader before 8.2
Foxit PhantomPDF before 8.2

Solution

Update to the latest versions
Download Foxit PhantomPDF
Download Foxit Reader

Original advisories

Foxit Security bulletins

Impacts

ACE
OSI
DoS

Related products
Foxit Reader
Foxit Phantom PDF
CVE-IDS