CVE-2018-19347

CWE-125Out-of-bounds Read3 documents3 sources
Severity
7.1HIGH
EPSS
0.1%
top 78.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Foxitsoftware Foxit ReaderFoxitsoftware U3D
Timeline
PublishedNov 17
Latest updateMay 14

Description

The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11bb" issue.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

NVDfoxitsoftware/u3d9.3.0.10809

🔴Vulnerability Details

2
GHSA
GHSA-79c4-g92x-mqjr: The u3d plugin 92022-05-14
CVEList
CVE-2018-19347: The u3d plugin 92018-11-17
CVE-2018-19347 (HIGH CVSS 7.1) | The u3d plugin 9.3.0.10809 (aka plu | cvebase.io