CVE-2019-13124 — Uncontrolled Recursion in Foxit Reader

CWE-674 — Uncontrolled Recursion3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.0%

top 90.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Foxitsoftware Foxit Reader

Timeline

PublishedSep 30

Latest updateMay 24

Description

Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 2 of 2).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDfoxitsoftware/foxit_reader9.6.0.25114

Patches

Patch: www.foxitsoftware.com ↗Patch: www.foxitsoftware.com ↗

🔴Vulnerability Details

GHSA

GHSA-m32j-3cx3-q692: Foxit Reader 9↗2022-05-24

▶

CVEList

CVE-2019-13124: Foxit Reader 9↗2019-09-30

▶