Multiple vulnerabilities in Foxit Reader and PhantomPDF



Published: 2019-01-04
Risk High
Patch available YES
Number of vulnerabilities 13
CVE-ID CVE-2019-5006
CVE-2019-5005
CVE-2019-5007
CVE-2018-18688
CVE-2018-18689
CVE-2018-3956
CWE-ID CWE-476
CWE-20
CWE-125
CWE-416
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Foxit PDF Reader for Windows
Client/Desktop applications / Office applications

Foxit PDF Editor (formerly Foxit PhantomPDF)
Client/Desktop applications / Office applications

Vendor Foxit Software Inc.

Security Bulletin

This security bulletin contains information about 13 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU16790

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5006

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference when handling malicious input. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and perform a denial of service (DoS) attack.

Mitigation

Update to version 9.4.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU16791

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5005

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the application writes a 2-byte data to the end of the allocated memory without judging whether it will cause corruption when handling certain images. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and perform a denial of service (DoS) attack.

Mitigation

Update to version 9.4.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU16792

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5007

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information and perform a denial of service (DoS) attack.

The vulnerability exists due to the access of null pointer when reading the TIFF data during TIFF parsing. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it, trigger out-of-bounds read to access arbitrary data and perform a denial of service (DoS) attack.

Mitigation

Update to version 9.4.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU16793

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information and perform a denial of service (DoS) attack.

The vulnerability exists due to array access violation in the color space and channel or lack of proper validation of illegal palette data in the color space of the image object. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read to access arbitrary data and perform a denial of service (DoS) attack.

Mitigation

Update to version 9.4.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free error

EUVDB-ID: #VU16794

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to the use of page or pointer which has been closed or freed. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 9.4.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Security restrictions bypass

EUVDB-ID: #VU16795

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18688

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to incorrect validation result when validating certain PDF file that is modified maliciously or contains non-standard signatures. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and bypass signature validation.

Mitigation

Update to version 9.4.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Security restrictions bypass

EUVDB-ID: #VU16796

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18689

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to incorrect validation result when validating certain PDF file that is modified maliciously or contains non-standard signatures. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and bypass signature validation.

Mitigation

Update to version 9.4.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds read

EUVDB-ID: #VU16797

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3956

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the failure in calculating null-terminated character string as the string does not end up with null character correctly. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read and perform a denial of service (DoS) attack.

Mitigation

Update to version 9.4.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free error

EUVDB-ID: #VU16798

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to the use of document and its auxiliary objects which have been closed after calling closeDocfunction. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 9.4.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU16799

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of pointer which has been freed. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read when converting HTML to PDF and perform a denial of service (DoS) attack.

Mitigation

Update to version 9.4.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds read

EUVDB-ID: #VU16800

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to the abnormality in V8 engine resulting from the parsing of non-standard parameters. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read and access arbitrary data.

Mitigation

Update to version 9.4.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

EUVDB-ID: #VU16801

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to the inconsistent row numbers resulting from inconsistent character width during control text formatting. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read and access arbitrary data.

Mitigation

Update to version 9.4.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds read

EUVDB-ID: #VU16802

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information and perform a denial of service (DoS) attack.

The vulnerability exists due to an error when executing certain XFA functions in crafted PDF files since the application could transform CXFA_Object to CXFA_Node without judging the data type and use the discrepant CXFA_Node directly. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read to access arbitrary data and perform a denial of service (DoS) attack.

Mitigation

Update to version 9.4.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###