CVE-2017-6883 — Out-of-bounds Read in Foxit Reader

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

4.7MEDIUMNVD

EPSS

0.1%

top 68.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Foxitsoftware Foxit Reader Foxitsoftware Phantompdf

Timeline

PublishedMar 14

Latest updateMay 13

Description

The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image. The vulnerability could lead to information disclosure; an attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages2 packages

▶NVDfoxitsoftware/foxit_reader8.2.0.2051

▶NVDfoxitsoftware/phantompdf8.2.0.2192

Patches

Patch: www.foxitsoftware.com ↗Patch: www.foxitsoftware.com ↗

🔴Vulnerability Details

GHSA

GHSA-m7pg-vpv3-j4gh: The ConvertToPDF plugin in Foxit Reader before 8↗2022-05-13

▶

CVEList

CVE-2017-6883: The ConvertToPDF plugin in Foxit Reader before 8↗2017-03-14

▶