CVE-2016-4065 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Foxit Reader

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 49.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Foxitsoftware Foxit Reader Foxitsoftware Phantompdf

Timeline

PublishedApr 22

Latest updateMay 17

Description

The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted (1) JPEG, (2) GIF, or (3) BMP image.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDfoxitsoftware/foxit_reader7.3.0.118

▶NVDfoxitsoftware/phantompdf7.3.0.118

🔴Vulnerability Details

GHSA

GHSA-v63p-3vxg-wvqw: The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7↗2022-05-17

▶

CVEList

CVE-2016-4065: The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7↗2016-04-22

▶