CVE-2018-18933

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

9.1CRITICAL

EPSS

0.5%

top 33.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Foxitsoftware Foxit Reader Foxitsoftware U3D

Timeline

PublishedNov 5

Latest updateMay 14

Description

The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader!safe_vsnprintf+0x00000000002c4330" issue.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

▶NVDfoxitsoftware/foxit_reader9.3.0.10826

▶NVDfoxitsoftware/u3d9.3.0.10809

Patches

Patch: www.foxitsoftware.com ↗

🔴Vulnerability Details

GHSA

GHSA-hjjv-jhc2-vvjg: The u3d plugin 9↗2022-05-14

▶

CVEList

CVE-2018-18933: The u3d plugin 9↗2018-11-05

▶