CVE-2018-3843Incorrect Type Conversion or Cast in Foxit

CWE-704Incorrect Type Conversion or Cast6 documents5 sources
Severity
8.8HIGHNVD
OSV4.7
EPSS
33.7%
top 3.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Systemd Project SystemdTalos FoxitFoxitsoftware Foxit Reader
Timeline
PublishedApr 19
Latest updateMay 13

Description

An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory disclosure, and possibly to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5talos/foxitFoxit PDF Reader 9.0.1.1049
Ubuntusystemd_project/systemd< 229-4ubuntu21.27+1

🔴Vulnerability Details

3
GHSA
GHSA-m673-jrm2-q2fh: An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 92022-05-13
OSV
systemd vulnerabilities2020-02-05
CVEList
CVE-2018-3843: An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 92018-04-19

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Multiple Issues in Foxit PDF Reader2018-04-19
Talos
Vulnerability Spotlight: Multiple Issues in Foxit PDF Reader2018-04-19
CVE-2018-3843 — Incorrect Type Conversion or Cast | cvebase