CVE-2017-8454Out-of-bounds Read in Foxit Reader

CWE-125Out-of-bounds Read3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.9%
top 24.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Foxitsoftware Foxit ReaderFoxitsoftware Phantompdf
Timeline
PublishedMay 3
Latest updateMay 17

Description

Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDfoxitsoftware/phantompdf8.2.0.2192

Patches

Patch: www.foxitsoftware.comPatch: www.foxitsoftware.com

🔴Vulnerability Details

2
GHSA
GHSA-2rf9-85pr-gw7v: Foxit Reader before 82022-05-17
CVEList
CVE-2017-8454: Foxit Reader before 82017-05-03
CVE-2017-8454 — Out-of-bounds Read in Foxit Reader | cvebase