Severity: 7.8 HIGH
EPSS: 44.9% (top 2.41%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24 | Latest update May 13

Description

In Foxit Quick PDF Library (all versions prior to 16.12), loading a malformed or malicious PDF containing a recursive page tree structure using the LoadFromFile, LoadFromString or LoadFromStream functions results in a stack overflow.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | foxit_quick_pdf_library | All versions prior to 16.12

Vulnerability Details (2)

GHSA | GHSA-hg32-2wp3-5f7j: In Foxit Quick PDF Library (all versions prior to 16 | 2022-05-13
CVEList | CVE-2018-20247: In Foxit Quick PDF Library (all versions prior to 16 | 2018-12-24