CVE-2011-0332 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Foxit Phantom

CWE-1894 documents4 sources

Severity

9.3CRITICALNVD

EPSS

2.4%

top 14.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Foxitsoftware Foxit Phantom Foxitsoftware Foxit Reader

Timeline

PublishedFeb 25

Latest updateMay 17

Description

Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom before 2.3.3.1112 allows remote attackers to execute arbitrary code via crafted ICC chunks in a PDF file, which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDfoxitsoftware/foxit_reader4.3+13

▶NVDfoxitsoftware/foxit_phantom2.3+8

Patches

Patch: www.foxitsoftware.com ↗Patch: www.foxitsoftware.com ↗

🔴Vulnerability Details

GHSA

GHSA-qq59-wj3x-rw8m: Integer overflow in Foxit Reader before 4↗2022-05-17

▶

CVEList

CVE-2011-0332: Integer overflow in Foxit Reader before 4↗2011-02-25

▶

💥Exploits & PoCs

Exploit-DB

ZoneMinder 1.24.3 - Remote File Inclusion↗2011-08-01

▶