CVE-2017-14694Improper Restriction of Operations within the Bounds of a Memory Buffer in Foxit Reader

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 80.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Foxitsoftware Foxit Reader
Timeline
PublishedSep 22
Latest updateMay 14

Description

Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f.".

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-ppxc-3qhx-g5v5: Foxit Reader 82022-05-14
CVEList
CVE-2017-14694: Foxit Reader 82017-09-22
CVE-2017-14694 — Foxit Reader vulnerability | cvebase