CVE-2019-5031Improper Check or Handling of Exceptional Conditions in Reader

CWE-703Improper Check or Handling of Exceptional ConditionsCWE-770Allocation of Resources Without Limits or ThrottlingCWE-755Improper Handling of Exceptional Conditions3 documents3 sources
Severity
8.8HIGHNVD
EPSS
1.0%
top 22.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Foxitsoftware PhantompdfFoxitsoftware ReaderFoxitsoftware Foxit Reader
Timeline
PublishedOct 2
Latest updateMay 24

Description

An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn't handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDfoxitsoftware/reader9.4.1.16828
CVEListV5foxitsoftware/foxit_readerFoxit Software Foxit PDF Reader 9.4.1.16828.
NVDfoxitsoftware/phantompdf9.4.1.16828

🔴Vulnerability Details

2
GHSA
GHSA-v8q7-q2cx-mh43: An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 92022-05-24
CVEList
CVE-2019-5031: An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 92019-10-02
CVE-2019-5031 — Foxitsoftware Reader vulnerability | cvebase