CVE-2017-10994Write-what-where Condition in Foxit Reader

CWE-123Write-what-where Condition3 documents3 sources
Severity
7.3HIGHNVD
EPSS
1.3%
top 20.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Foxitsoftware Foxit ReaderFoxitsoftware Phantompdf
Timeline
PublishedJul 7
Latest updateMay 17

Description

Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages2 packages

NVDfoxitsoftware/phantompdf8.3.0.14878

🔴Vulnerability Details

2
GHSA
GHSA-x838-qr7r-99r6: Foxit Reader before 82022-05-17
CVEList
CVE-2017-10994: Foxit Reader before 82017-07-07
CVE-2017-10994 — Write-what-where Condition | cvebase