CVE-2016-8334 — Out-of-bounds Read in Software Foxit Reader

CWE-125 — Out-of-bounds Read5 documents4 sources

Severity

3.3LOWNVD

CNA6.8

EPSS

13.5%

top 5.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Foxit Software Foxit Reader Foxitsoftware Reader

Timeline

PublishedJan 6

Latest updateMay 13

Description

A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶NVDfoxitsoftware/reader8.0.2.805

▶CVEListV5foxit_software/foxit_reader8.0.2.805

🔴Vulnerability Details

GHSA

GHSA-9x9p-7f3c-4rvq: A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure↗2022-05-13

▶

CVEList

CVE-2016-8334: A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure↗2017-01-06

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Foxit PDF Reader JBIG2 Parser Information Disclosure↗2016-10-18

▶

Talos

Vulnerability Spotlight: Foxit PDF Reader JBIG2 Parser Information Disclosure↗2016-10-18

▶