Multiple vulnerabilities in Foxit Reader and Foxit PhantomPDF

Description

Multiple vulnerabilities were found in Foxit Reader and Foxit PhantomPDF. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information.

Below is a complete list of vulnerabilities:

1. Out-of-bounds Write/Read vulnerability can be exploited remotely to cause denial of service;
2. Validation Bypass vulnerability can be exploited remotely to obtain sensitive information.

Original advisories

• CVE-2018-3956

• CVE-2018-18688/CVE-2018-18689
• ZDI-CAN-7347/ZDI-CAN-7452/ZDI-CAN-7601
• ZDI-CAN-7353/ZDI-CAN-7423
• ZDI-CAN-7368
• ZDI-CAN-7369
• ZDI-CAN-7453
• ZDI-CAN-7576
• ZDI-CAN-7355

Related products

• Foxit-Reader
• Foxit-Phantom-PDF

CVE list

• CVE-2018-3956
  high
• CVE-2018-18688
  warning
• CVE-2018-18689
  warning

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com