KLA10948
Denial of service and code execution vulnerability in Foxit Reader and Foxit PhantomPDF
Updated: 06/01/2019
Detect date
01/23/2017
Severity
High
Description

An out-of-bounds read vulnerability was found in the ConvertToPDF plugin in Foxit Reader and PhantomPDF. By exploiting this vulnerability, malicious users can cause a denial of service, possibly obtain sensitive information, or execute arbitrary code in the context of the current process. This vulnerability can be exploited remotely via a specially crafted JPEG image.


Technical details

The vulnerability can be exploited only if the gflags app is enabled.

Affected products

Foxit Reader before 8.2
Foxit PhantomPDF before 8.2

Solution

Update to the latest versions
Download Foxit PhantomPDF
Download Foxit Reader

Original advisories

Foxit Security bulletins

Impacts

ACE
OSI
DoS

CVE-IDS