CVE-2018-17781Sensitive Information Exposure in Phantompdf

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 76.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Foxitsoftware PhantompdfFoxitsoftware Reader
Timeline
PublishedSep 29
Latest updateMay 14

Description

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDfoxitsoftware/reader9.2.0.9297
NVDfoxitsoftware/phantompdf9.2.0.9297

Patches

Patch: www.foxitsoftware.comPatch: www.foxitsoftware.com

🔴Vulnerability Details

2
GHSA
GHSA-6xrr-hxxj-4x7m: Foxit PhantomPDF and Reader before 92022-05-14
CVEList
CVE-2018-17781: Foxit PhantomPDF and Reader before 92018-09-29
CVE-2018-17781 — Sensitive Information Exposure | cvebase