CVE-2018-3956: Out-of-bounds Read in Reader

CWE-125: Out-of-bounds Read
5 documents, 4 sources

Severity: 7.1 HIGH (NVD)
EPSS: 16.1% (top 5.21%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 30, latest update May 13

Description

An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in exploitation when coupled with another vulnerability. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (3 packages)

NVD: foxitsoftware/reader 9.3.0.10826
NVD: foxitsoftware/phantompdf 9.3.0.10826
CVEListV5: foxit/foxit, Foxit Software PDF Reader 9.1.0.5096.

🔴 Vulnerability Details (2)

GHSA (2022-05-13)
GHSA-php8-5jrg-x8g2: An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9
CVEList (2019-01-30)
CVE-2018-3956: An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9

🕵️ Threat Intelligence (2)

Talos (2018-10-01)
Vulnerability Spotlight: Multiple Issues in Foxit PDF Reader
Talos (2018-10-01)
Vulnerability Spotlight: Multiple Issues in Foxit PDF Reader