Risk | Low |
Patch available | YES |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2018-20247 CVE-2018-20248 CVE-2018-20249 |
CWE-ID | CWE-121 CWE-125 |
Exploitation vector | Local |
Public exploit | Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. |
Vulnerable software | Quick PDF Library (Client/Desktop applications / Multimedia software) |
Vendor | Foxit Software Inc. |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU16696
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-20247
CWE-ID: CWE-121 - Stack-based buffer overflow
Exploit availability: Yes
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to a stack-based buffer overflow when handling malicious input. A local attacker can load a malformed or malicious PDF containing a recursive page tree structure using the LoadFromFile, LoadFromString or LoadFromStream functions, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Mitigation
Update to version 16.12.
Vulnerable software versions
Quick PDF Library: 7.12 - 16.11
External links
http://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU16697
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-20248
CWE-ID: CWE-125 - Out-of-bounds read
Exploit availability: Yes
Description
The vulnerability allows a local attacker to bypass security restrictions on the target system.
The weakness exists due to out-of-bounds read when handling malicious input. A local attacker can load a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileReadOnly functions, trigger memory corruption and bypass security restrictions to conduct further attacks.
Mitigation
Update to version 16.12.
Vulnerable software versions
Quick PDF Library: 7.12 - 16.11
External links
http://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU16698
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-20249
CWE-ID: CWE-125 - Out-of-bounds read
Exploit availability: Yes
Description
The vulnerability allows a local attacker to bypass security restrictions on the target system.
The weakness exists due to an out-of-bounds read when handling malicious input. A local attacker can load a malformed or malicious PDF containing invalid xref entries using the DAOpenFile or DAOpenFileReadOnly functions, trigger memory corruption and bypass security restrictions to conduct further attacks.
Mitigation
Update to version 16.12.
Vulnerable software versions
Quick PDF Library: 7.12 - 16.11
External links
http://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
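A pre-load screen for the malformed structures named in the three descriptions above (a page tree that loops back on itself, and xref entries whose offsets do not point at the object they claim), given as an added example that is not from Foxit or from this bulletin. It assumes classic uncompressed PDF syntax; the function names and the `build_sample` fixture, a constructed fragment without a trailer, are hypothetical.

```python
# Added example. Assumption: classic, uncompressed PDF syntax (no object or xref streams).
import re
OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)endobj", re.S)
KIDS_RE = re.compile(rb"/Kids\s*\[(.*?)\]", re.S)
REF_RE = re.compile(rb"(\d+)\s+\d+\s+R")
XREF_RE = re.compile(rb"(?<!start)xref\s+(\d+)\s+\d+\s+((?:\d{10} \d{5} [nf]\s*)+)")

def page_tree_cycle(data):
    """True if a /Kids chain leads back to an object already on the current path."""
    kids = {}
    for m in OBJ_RE.finditer(data):
        k = KIDS_RE.search(m.group(2))
        kids[int(m.group(1))] = [int(r) for r in REF_RE.findall(k.group(1))] if k else []
    state = {}  # 1 = on the current path, 2 = fully explored
    for root in kids:
        if root in state:
            continue
        state[root], stack = 1, [(root, iter(kids[root]))]
        while stack:  # iterative walk, so the checker itself cannot exhaust its stack
            node, it = stack[-1]
            child = next(it, None)
            if child is None:
                state[stack.pop()[0]] = 2
            elif state.get(child) == 1:
                return True
            elif child in kids and child not in state:
                state[child] = 1
                stack.append((child, iter(kids[child])))
    return False

def bad_xref_offsets(data):
    """In-use xref entries whose offset does not land on 'N G obj' inside the file."""
    bad = []
    for m in XREF_RE.finditer(data):
        first = int(m.group(1))
        for i, e in enumerate(re.finditer(rb"(\d{10}) (\d{5}) ([nf])", m.group(2))):
            off, gen = int(e.group(1)), int(e.group(2))
            if e.group(3) == b"n" and not data.startswith(b"%d %d obj" % (first + i, gen), off):
                bad.append((first + i, off))
    return bad

def build_sample(kids_of_3=b"", obj1_offset=None):
    """Constructed fragment for exercising the checks; arguments inject a loop or a bad offset."""
    out, offs = b"%PDF-1.4\n", []
    for n, body in enumerate((b"/Type /Catalog /Pages 2 0 R", b"/Type /Pages /Kids [3 0 R]",
                              b"/Type /Pages /Kids [" + kids_of_3 + b"]"), 1):
        offs.append(obj1_offset if n == 1 and obj1_offset is not None else len(out))
        out += b"%d 0 obj\n<< %s >>\nendobj\n" % (n, body)
    return out + b"xref\n0 4\n0000000000 65535 f \n" + b"".join(b"%010d 00000 n \n" % o for o in offs)
```

A file that passes this screen is not thereby safe to load on versions 7.12 - 16.11; it only rejects the two structures it can parse before the update to 16.12 is in place.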