CVE-2019-14211 — Improper Input Validation in Phantompdf

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.0%

top 94.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Foxitsoftware Phantompdf

Timeline

PublishedJul 21

Latest updateMay 24

Description

An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the lack of proper validation of the existence of an object prior to performing operations on that object when executing JavaScript.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDfoxitsoftware/phantompdf< 8.3.11

🔴Vulnerability Details

GHSA

GHSA-8hwv-hhvh-9w73: An issue was discovered in Foxit PhantomPDF before 8↗2022-05-24

▶

CVEList

CVE-2019-14211: An issue was discovered in Foxit PhantomPDF before 8↗2019-07-21

▶

💬Community

Bugzilla

CVE-2019-12790 radare2: heap-based buffer over-read in function r_egg_lang_parsechar in egg_lang.c↗2019-06-24

▶