SB2019010402 - Multiple vulnerabilities in Foxit Reader and PhantomPDF

Published: January 4, 2019

Security Bulletin ID: SB2019010402
Severity: High
Patch available: Yes
Number of vulnerabilities: 13
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 15%
Low: 85%

Description

This security bulletin contains information about 13 security vulnerabilities.


1) NULL pointer dereference (CVE-ID: CVE-2019-5006)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference when handling malicious input. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and perform a denial of service (DoS) attack.


2) Input validation error (CVE-ID: CVE-2019-5005)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application writes 2 bytes past the end of the allocated memory, without checking whether this causes memory corruption, when handling certain images. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and perform a denial of service (DoS) attack.


3) Out-of-bounds read (CVE-ID: CVE-2019-5007)

The vulnerability allows a remote attacker to obtain potentially sensitive information and perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer access when reading TIFF data during TIFF parsing. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it, trigger an out-of-bounds read to access arbitrary data and perform a denial of service (DoS) attack.


4) Out-of-bounds read (CVE-ID: N/A)

The vulnerability allows a remote attacker to obtain potentially sensitive information and perform a denial of service (DoS) attack.

The vulnerability exists due to an array access violation in the color space and channel handling, or due to missing validation of illegal palette data in the color space of the image object. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read to access arbitrary data and perform a denial of service (DoS) attack.


5) Use-after-free error (CVE-ID: N/A)

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to the use of a page or pointer that has already been closed or freed. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


6) Security restrictions bypass (CVE-ID: CVE-2018-18688)

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to an incorrect validation result when validating a PDF file that has been modified maliciously or contains non-standard signatures. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and bypass signature validation.


7) Security restrictions bypass (CVE-ID: CVE-2018-18689)

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to an incorrect validation result when validating a PDF file that has been modified maliciously or contains non-standard signatures. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and bypass signature validation.


8) Out-of-bounds read (CVE-ID: CVE-2018-3956)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a failure when calculating the length of a character string that is not correctly NUL-terminated. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read and perform a denial of service (DoS) attack.
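Items 2 and 8 are both missing-bounds-check defects: one writes 2 bytes past the end of an allocation, the other computes the length of a string that has no terminator inside its buffer. The following C program is an added illustration of the defensive pattern for each, written for this bulletin; it is not Foxit code and does not reproduce the affected parsers. The image layout, the `put_sample16` and `safe_cstr_len` helpers and the sample buffers are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* ---- Part 1: a 2-byte sample write that must stay inside the allocation (item 2) ---- */

typedef struct {
    uint8_t *data;   /* pixel buffer */
    size_t   size;   /* bytes actually allocated */
} image_buf;         /* hypothetical image container, not the product's own type */

/* width * height * bytes_per_pixel with overflow checks; returns 0 on overflow or zero input. */
size_t image_bytes(size_t width, size_t height, size_t bpp) {
    size_t px;
    if (width == 0 || height == 0 || bpp == 0) return 0;
    if (width > SIZE_MAX / height) return 0;
    px = width * height;
    if (px > SIZE_MAX / bpp) return 0;
    return px * bpp;
}

/* Writes a 16-bit sample at byte offset `off`. Returns 0 on success, -1 when the two
   bytes would not fit: that "does it still fit?" test is the check the bulletin says
   was missing, and skipping it is what turns a crafted image into a heap corruption. */
int put_sample16(image_buf *img, size_t off, uint16_t v) {
    if (img == NULL || img->data == NULL) return -1;
    if (off > img->size || img->size - off < 2) return -1;
    img->data[off]     = (uint8_t)(v & 0xff);
    img->data[off + 1] = (uint8_t)(v >> 8);
    return 0;
}

/* Constructed scenario: a 3x2 image of 16-bit samples (12 bytes). The last valid slot
   is offset 10; offset 11 would put one byte past the end. Returns 0 if both the
   accept and the reject behave as intended. */
int demo_sample_writes(void) {
    image_buf img;
    int ok_last, bad_past_end;
    img.size = image_bytes(3, 2, 2);
    img.data = calloc(img.size, 1);
    if (img.data == NULL) return -99;
    ok_last      = put_sample16(&img, img.size - 2, 0xBEEF);
    bad_past_end = put_sample16(&img, img.size - 1, 0x1234);
    free(img.data);
    return (ok_last == 0 && bad_past_end == -1) ? 0 : -1;
}

/* ---- Part 2: string length on a field that may lack its terminator (item 8) ---- */

/* strlen() on a buffer with no NUL inside it keeps reading until it finds one, which is
   the out-of-bounds read the bulletin describes. This bounded version only looks inside
   the `cap` bytes that actually belong to the field and reports a missing terminator
   instead of scanning past it. Returns the length, or (size_t)-1 if no NUL is present. */
size_t safe_cstr_len(const uint8_t *buf, size_t cap) {
    const uint8_t *nul = memchr(buf, 0, cap);
    return nul ? (size_t)(nul - buf) : (size_t)-1;
}

/* Copies a string out of an untrusted field. Returns 0 on success, -1 when the field is
   unterminated or would not fit in `out`. */
int copy_untrusted_string(const uint8_t *buf, size_t cap, char *out, size_t out_cap) {
    size_t n = safe_cstr_len(buf, cap);
    if (n == (size_t)-1 || n + 1 > out_cap) return -1;
    memcpy(out, buf, n + 1);
    return 0;
}

/* Constructed sample fields: one terminated, one that is missing its terminator. */
const uint8_t field_terminated[5]   = { 'a', 'b', 'c', '\0', 'x' };
const uint8_t field_unterminated[4] = { 'a', 'b', 'c', 'd' };

int demo_terminated(void)   { char out[8]; return copy_untrusted_string(field_terminated, 5, out, sizeof out); }
int demo_unterminated(void) { char out[8]; return copy_untrusted_string(field_unterminated, 4, out, sizeof out); }

int main(void) {
    printf("sample writes: %d\n", demo_sample_writes());     /* 0: accept last slot, reject spill */
    printf("terminated: %d, unterminated: %d\n", demo_terminated(), demo_unterminated()); /* 0, -1 */
    return 0;
}
```

Both helpers fail closed: a write that would not fit and a field with no terminator are rejected and reported to the caller rather than silently touching memory outside the object, which is the behaviour a hardened parser should have for untrusted PDF or image input.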


9) Use-after-free error (CVE-ID: N/A)

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to the use of a document and its auxiliary objects after they have been closed by calling the closeDoc function. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


10) Out-of-bounds read (CVE-ID: N/A)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of a pointer that has already been freed. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read when converting HTML to PDF and perform a denial of service (DoS) attack.


11) Out-of-bounds read (CVE-ID: N/A)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to an error in the V8 engine when parsing non-standard parameters. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read and access arbitrary data.


12) Out-of-bounds read (CVE-ID: N/A)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to inconsistent row counts caused by inconsistent character widths during control text formatting. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read and access arbitrary data.


13) Out-of-bounds read (CVE-ID: N/A)

The vulnerability allows a remote attacker to obtain potentially sensitive information and perform a denial of service (DoS) attack.

The vulnerability exists due to an error when executing certain XFA functions in crafted PDF files: the application casts a CXFA_Object to a CXFA_Node without checking its data type and then uses the mismatched CXFA_Node directly. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read to access arbitrary data and perform a denial of service (DoS) attack.
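Item 13 is a type confusion: an object of one kind is treated as a CXFA_Node, and fields read through the node layout land outside the real object. The C program below is an added illustration of a checked downcast for this bug class; it is not Foxit or PDFium code. The tagged `xfa_object` base, the `xfa_node` and `xfa_list` layouts, the `as_node` helper and the sample objects are all hypothetical and constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical tagged base object; stands in for the bulletin's CXFA_Object. */
typedef enum { KIND_OBJECT = 1, KIND_NODE = 2, KIND_LIST = 3 } xfa_kind;

typedef struct {
    xfa_kind kind;          /* runtime type tag */
} xfa_object;

/* Hypothetical derived type; stands in for CXFA_Node. It has fields the base lacks. */
typedef struct {
    xfa_object base;        /* first member, so a node pointer is also an object pointer */
    int        child_count;
    int        children[4];
} xfa_node;

/* Hypothetical second derived type with a different, shorter layout. */
typedef struct {
    xfa_object base;
    int        length;
} xfa_list;

/* Unchecked downcast: the pattern the bulletin describes. If `o` is really an xfa_list,
   `child_count` and `children[]` read through the result overlay memory that belongs to
   another object, or to nothing at all. Kept here for contrast; never call it on
   untrusted objects. */
const xfa_node *as_node_unchecked(const xfa_object *o) {
    return (const xfa_node *)o;
}

/* Checked downcast: consults the tag first and returns NULL on any mismatch. */
const xfa_node *as_node(const xfa_object *o) {
    if (o == NULL || o->kind != KIND_NODE) return NULL;
    return (const xfa_node *)o;
}

/* Consumer that refuses a mismatched object instead of reading past it.
   Returns the node's child count, or -1 when `o` is not a node. */
int node_child_count(const xfa_object *o) {
    const xfa_node *n = as_node(o);
    return n ? n->child_count : -1;
}

/* Returns the i-th child id, or -1 if `o` is not a node or `i` is out of range. */
int node_child_at(const xfa_object *o, size_t i) {
    const xfa_node *n = as_node(o);
    if (n == NULL || n->child_count < 0 || i >= (size_t)n->child_count || i >= 4) return -1;
    return n->children[i];
}

/* Constructed sample objects. */
xfa_node sample_node = { { KIND_NODE }, 2, { 10, 20, 0, 0 } };
xfa_list sample_list = { { KIND_LIST }, 7 };

int main(void) {
    printf("node: count=%d child0=%d\n",
           node_child_count(&sample_node.base), node_child_at(&sample_node.base, 0)); /* 2, 10 */
    printf("list as node: count=%d\n", node_child_count(&sample_list.base));          /* -1 */
    return 0;
}
```

The tag check is cheap and turns a silent out-of-bounds read into an explicit refusal the caller can handle; the same discipline applies to any object hierarchy where a base pointer is narrowed to a subtype before its extra fields are used.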


Remediation

Install the update from the vendor's website.