CVE-2018-20248

CWE-787 — Out-of-bounds Write CWE-119 — Buffer Overflow3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.1%

top 65.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Foxitsoftware Quick PDF Library

Timeline

PublishedDec 24

Latest updateMay 13

Description

In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out of bounds memory access.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDfoxitsoftware/quick_pdf_library< 16.12

▶CVEListV5foxit_quick_pdf_libraryAll versions prior to 16.12

🔴Vulnerability Details

GHSA

GHSA-mqg6-4mpr-wf6p: In Foxit Quick PDF Library (all versions prior to 16↗2022-05-13

▶

CVEList

CVE-2018-20248: In Foxit Quick PDF Library (all versions prior to 16↗2018-12-24

▶