CVE-2018-17706Out-of-bounds Write in Phantompdf

CWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.6%
top 29.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Foxitsoftware PhantompdfFoxit Phantompdf
Timeline
PublishedOct 29
Latest updateMay 13

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within fxhtml2pdf. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulner

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDfoxitsoftware/phantompdf9.1.0.5096
CVEListV5foxit/foxit_phantompdfPhantom PDF 9.1.5096

🔴Vulnerability Details

2
GHSA
GHSA-mf3r-93hg-r58j: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 92022-05-13
CVEList
CVE-2018-17706: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 92018-10-29
CVE-2018-17706 — Out-of-bounds Write in Phantompdf | cvebase