Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-2790

CWE-20Improper Input Validation5 documents4 sources
Severity
4.3MEDIUM
EPSS
52.2%
top 2.08%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Foxitsoftware Enterprise ReaderFoxitsoftware Foxit ReaderFoxitsoftware Phantompdf
Timeline
PublishedMar 30
Latest updateMay 17

Description

Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

NVDfoxitsoftware/phantompdf7.0.6.1126

🔴Vulnerability Details

2
GHSA
GHSA-hh7h-784x-q3vr: Foxit Reader, Enterprise Reader, and PhantomPDF before 72022-05-17
CVEList
CVE-2015-2790: Foxit Reader, Enterprise Reader, and PhantomPDF before 72015-03-30

💥Exploits & PoCs

2
Exploit-DB
Foxit Products GIF Conversion - 'DataSubBlock' Memory Corruption2015-03-11
Exploit-DB
Foxit Products GIF Conversion - 'LZWMinimumCodeSize' Memory Corruption2015-03-11
CVE-2015-2790 (MEDIUM CVSS 4.3) | Foxit Reader | cvebase.io