CVE-2018-7406Improper Validation of Array Index in Phantompdf

CWE-129Improper Validation of Array Index3 documents3 sources
Severity
8.8HIGHNVD
EPSS
1.2%
top 20.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Foxitsoftware PhantompdfFoxitsoftware Reader
Timeline
PublishedMay 24
Latest updateMay 14

Description

An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the u3d images inside of a pdf. The issue results from the lack of proper validation of user-supplied data, which can result in an array indexing issue. An attacker can leverage this to ex

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDfoxitsoftware/reader9.0.1.1049
NVDfoxitsoftware/phantompdf9.0.1.1049

🔴Vulnerability Details

2
GHSA
GHSA-5w6x-rf3h-52m2: An issue was discovered in Foxit Reader before 92022-05-14
CVEList
CVE-2018-7406: An issue was discovered in Foxit Reader before 92018-05-24
CVE-2018-7406 — Improper Validation of Array Index | cvebase