Multiple vulnerabilities in Foxit Reader and Foxit PhantomPDF



Published: 2017-11-08
Risk: High
Patch available: YES
Number of vulnerabilities: 14
CVE-ID: N/A
CWE-ID: CWE-843, CWE-416, CWE-125, CWE-120
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:
Foxit PDF Reader for Windows
Client/Desktop applications / Office applications

Foxit PDF Editor (formerly Foxit PhantomPDF)
Client/Desktop applications / Office applications

Vendor: Foxit Software Inc.

Security Bulletin

This security bulletin contains information about 14 vulnerabilities.

1) Type confusion

EUVDB-ID: #VU9131

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a type confusion error. A remote attacker can execute certain XFA JavaScript functions in crafted PDF files, because the application may forcibly convert a non-CXFA_Node object to CXFA_Node without checking the data type and then use the mismatched CXFA_Node directly.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.

Vulnerable software versions

Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013

Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Type confusion

EUVDB-ID: #VU9133

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a type confusion error. A remote attacker can execute certain XFA FormCalc functions in crafted PDF files, because the application may forcibly convert a non-CXFA_Object object to CXFA_Object without checking the data type and then use the mismatched CXFA_Object directly.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.

Vulnerable software versions

Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013

Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free error

EUVDB-ID: #VU9134

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling Annot objects. A remote attacker can trick the victim into opening a specially crafted Annot object, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.

Vulnerable software versions

Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013

Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU9135

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists when the application is not running in Safe-Reading-Mode. A remote attacker can trick the victim into opening specially crafted input, abuse the _JP2_Codestream_Read_SOT function, trigger an out-of-bounds read and gain access to arbitrary data.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.

Vulnerable software versions

Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013

Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU9136

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists when the application is not running in Safe-Reading-Mode. A remote attacker can trick the victim into opening specially crafted input, abuse the lrt_jp2_decompress_write_stripe function, trigger an out-of-bounds read and gain access to arbitrary data.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.

Vulnerable software versions

Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013

Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU9137

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an out-of-bounds read when rendering images. A remote attacker can trick the victim into opening a specially crafted image file, abuse the render.image function, trigger an out-of-bounds read and gain access to arbitrary data.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.

Vulnerable software versions

Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013

Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU9138

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists when the application is not running in Safe-Reading-Mode. A remote attacker can trick the victim into opening a specially crafted PDF file, abuse the GetBitmapWithoutColorKey function, trigger an out-of-bounds read and gain access to arbitrary data.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.

Vulnerable software versions

Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013

Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds read

EUVDB-ID: #VU9139

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an uninitialized pointer when handling malicious input. A remote attacker can trick the victim into opening a specially crafted abnormal PDF file, abuse the JP2_Format_Decom function, trigger an out-of-bounds read and gain access to arbitrary data.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.

Vulnerable software versions

Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013

Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free error

EUVDB-ID: #VU9140

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an inconsistency between XFA nodes and XML nodes after deletion during data binding. A remote attacker can trick the victim into opening specially crafted input, trigger a use-after-free error and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.

Vulnerable software versions

Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013

Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free error

EUVDB-ID: #VU9141

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to the use of a document after it has been freed by closeDoc JavaScript. A remote attacker can trick the victim into opening specially crafted input, trigger a use-after-free error and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.

Vulnerable software versions

Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013

Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Buffer overflow

EUVDB-ID: #VU9142

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an invalid length of size_file_name in CDRecord in the ZIP compression data. A remote attacker can trick the victim into opening a specially crafted EPUB file, trigger a buffer overflow and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.
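
The length validation this class of bug calls for, as an added example (not Foxit's code and not part of the original bulletin): a C parser for one ZIP central directory record that rejects a file name length larger than the bytes present or than the destination buffer. The record layout follows the public ZIP format; `size_file_name` mirrors the bulletin's field name, while `parse_cd_record`, `build_sample_record` and `NAME_BUF_LEN` are hypothetical names chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CD_FIXED_LEN 46u          /* fixed part of a central directory record */
#define CD_SIGNATURE 0x02014b50u  /* the bytes 'P' 'K' 01 02, read little-endian */
#define NAME_BUF_LEN 64u          /* destination size: an assumption for this example */
enum cd_status { CD_OK, CD_TRUNCATED, CD_BAD_SIGNATURE, CD_NAME_OVERRUN, CD_NAME_TOO_LONG };
struct cd_record {
    uint16_t size_file_name;      /* field name borrowed from the bulletin's wording */
    uint16_t size_extra, size_comment;
    char     name[NAME_BUF_LEN];
    size_t   record_len;          /* bytes consumed; lets the caller step to the next record */
};
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Parse one record from buf[0..len). Every declared length is checked before any copy. */
enum cd_status parse_cd_record(const uint8_t *buf, size_t len, struct cd_record *out)
{
    if (len < CD_FIXED_LEN) return CD_TRUNCATED;
    uint32_t sig = rd16(buf) | ((uint32_t)rd16(buf + 2) << 16);
    if (sig != CD_SIGNATURE) return CD_BAD_SIGNATURE;
    out->size_file_name = rd16(buf + 28);
    out->size_extra     = rd16(buf + 30);
    out->size_comment   = rd16(buf + 32);

    size_t avail = len - CD_FIXED_LEN;
    /* The declared name length must fit in the bytes actually present ... */
    if (out->size_file_name > avail) return CD_NAME_OVERRUN;
    size_t var = (size_t)out->size_file_name + out->size_extra + out->size_comment;
    if (var > avail) return CD_TRUNCATED;
    /* ... and in the destination buffer, leaving room for the terminator. */
    if (out->size_file_name >= NAME_BUF_LEN) return CD_NAME_TOO_LONG;
    memcpy(out->name, buf + CD_FIXED_LEN, out->size_file_name);
    out->name[out->size_file_name] = '\0';
    out->record_len = CD_FIXED_LEN + var;
    return CD_OK;
}

/* Constructed sample record; declared_len may disagree with the real name length. */
size_t build_sample_record(uint8_t *buf, const char *name, uint16_t declared_len)
{
    size_t n = strlen(name);
    memset(buf, 0, CD_FIXED_LEN);
    memcpy(buf, "PK\x01\x02", 4);
    buf[28] = (uint8_t)(declared_len & 0xff);
    buf[29] = (uint8_t)(declared_len >> 8);
    memcpy(buf + CD_FIXED_LEN, name, n);
    return CD_FIXED_LEN + n;
}

int main(void)
{
    uint8_t buf[128];
    struct cd_record rec;
    size_t n = build_sample_record(buf, "mimetype", 0xFFFF);  /* length field lies */
    printf("status=%d\n", parse_cd_record(buf, n, &rec));
    return 0;
}
```

A parser that copies `size_file_name` bytes without the two comparisons above reads or writes past its buffers as soon as the field disagrees with the archive's real contents.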

Mitigation

Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.

Vulnerable software versions

Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013

Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Type confusion

EUVDB-ID: #VU9143

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to the use of a discrepant data object during data binding. A remote attacker can trick the victim into opening specially crafted XFA files and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.

Vulnerable software versions

Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013

Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds read

EUVDB-ID: #VU9144

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to incorrect resource loading when the gflags app is enabled. A remote attacker can trick the victim into opening specially crafted input, cause the file type filter to become disordered, trigger an out-of-bounds read and gain access to arbitrary data.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.

Vulnerable software versions

Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013

Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds read

EUVDB-ID: #VU9145

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a call to util.printf with an incorrect parameter. A remote attacker can trick the victim into opening specially crafted input, trigger an out-of-bounds read and gain access to arbitrary data.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.

Vulnerable software versions

Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013

Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


