CVE-2017-5556Out-of-bounds Read in Foxit Reader

CWE-125Out-of-bounds Read3 documents3 sources
Severity
8.1HIGHNVD
EPSS
0.8%
top 26.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Foxitsoftware Foxit ReaderFoxitsoftware Phantompdf
Timeline
PublishedJan 23
Latest updateMay 17

Description

The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. The vulnerability could lead to information disclosure; an attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

NVDfoxitsoftware/phantompdf8.1.1.1115

🔴Vulnerability Details

2
GHSA
GHSA-vj5c-95p9-jf9j: The ConvertToPDF plugin in Foxit Reader before 82022-05-17
CVEList
CVE-2017-5556: The ConvertToPDF plugin in Foxit Reader before 82017-01-23
CVE-2017-5556 — Out-of-bounds Read in Foxit Reader | cvebase