CVE-2017-8455 — Out-of-bounds Read in Foxit Reader

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 40.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Foxitsoftware Foxit Reader Foxitsoftware Phantompdf

Timeline

PublishedMay 3

Latest updateMay 17

Description

Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDfoxitsoftware/foxit_reader8.2.0.2051

▶NVDfoxitsoftware/phantompdf8.2.0.2192

Patches

Patch: www.foxitsoftware.com ↗Patch: www.foxitsoftware.com ↗

🔴Vulnerability Details

GHSA

GHSA-f4hg-hqfr-h2pq: Foxit Reader before 8↗2022-05-17

▶

CVEList

CVE-2017-8455: Foxit Reader before 8↗2017-05-03

▶