CVE-2018-19341

CWE-125Out-of-bounds Read3 documents3 sources
Severity
7.1HIGH
EPSS
0.1%
top 78.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Foxitsoftware Foxit ReaderFoxitsoftware U3D
Timeline
PublishedNov 17
Latest updateMay 14

Description

The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader!std::basic_ostream >::operator<<+0x0000000000087906" issue.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

NVDfoxitsoftware/u3d9.3.0.10809

🔴Vulnerability Details

2
GHSA
GHSA-65g8-q9x5-49r2: The u3d plugin 92022-05-14
CVEList
CVE-2018-19341: The u3d plugin 92018-11-17
CVE-2018-19341 (HIGH CVSS 7.1) | The u3d plugin 9.3.0.10809 (aka plu | cvebase.io