Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-3632 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Enterprise Reader

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

6.8%

top 8.68%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Foxitsoftware Enterprise Reader Foxitsoftware Foxit Reader Foxitsoftware Phantompdf

Timeline

PublishedMay 1

Latest updateMay 17

Description

Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDfoxitsoftware/enterprise_reader7.1.3.320

▶NVDfoxitsoftware/foxit_reader7.1.3.320

▶NVDfoxitsoftware/phantompdf7.1.3.320

🔴Vulnerability Details

GHSA

GHSA-gr2m-6qq8-c2w2: Foxit Reader, Enterprise Reader, and PhantomPDF before 7↗2022-05-17

▶

CVEList

CVE-2015-3632: Foxit Reader, Enterprise Reader, and PhantomPDF before 7↗2015-05-01

▶

💥Exploits & PoCs

Exploit-DB

Foxit Reader PDF 7.1.3.320 - Parsing Memory Corruption↗2015-04-29

▶