Risk | High |
Patch available | YES |
Number of vulnerabilities | 13 |
CVE-ID | CVE-2019-5006 CVE-2019-5005 CVE-2019-5007 CVE-2018-18688 CVE-2018-18689 CVE-2018-3956 |
CWE-ID | CWE-476 CWE-20 CWE-125 CWE-416 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Foxit PDF Reader for Windows | Client/Desktop applications / Office applications |
Foxit PDF Editor (formerly Foxit PhantomPDF) | Client/Desktop applications / Office applications |
Vendor | Foxit Software Inc. |
This security bulletin contains information about 13 vulnerabilities.
EUVDB-ID: #VU16790
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2019-5006
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference when handling malicious input. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and perform a denial of service (DoS) attack.
Mitigation: Update to version 9.4.
Vulnerable software versions:
Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826
http://www.foxitsoftware.com/support/security-bulletins.php
EUVDB-ID: #VU16791
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2019-5005
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application writes 2 bytes of data past the end of the allocated memory, without checking whether this causes corruption, when handling certain images. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and perform a denial of service (DoS) attack.
Mitigation: Update to version 9.4.
Vulnerable software versions:
Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826
http://www.foxitsoftware.com/support/security-bulletins.php
EUVDB-ID: #VU16792
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2019-5007
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a remote attacker to obtain potentially sensitive information and perform a denial of service (DoS) attack.
The vulnerability exists due to a null pointer access when reading TIFF data during TIFF parsing. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it, trigger an out-of-bounds read to access arbitrary data and perform a denial of service (DoS) attack.
Mitigation: Update to version 9.4.
Vulnerable software versions:
Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826
http://www.foxitsoftware.com/support/security-bulletins.php
EUVDB-ID: #VU16793
Risk: Low
CVSSv3.1:
CVE-ID: N/A
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a remote attacker to obtain potentially sensitive information and perform a denial of service (DoS) attack.
The vulnerability exists due to an array access violation in the color space and channel, or a lack of proper validation of illegal palette data in the color space of the image object. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read to access arbitrary data and perform a denial of service (DoS) attack.
Mitigation: Update to version 9.4.
Vulnerable software versions:
Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826
http://www.foxitsoftware.com/support/security-bulletins.php
EUVDB-ID: #VU16794
Risk: High
CVSSv3.1:
CVE-ID: N/A
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to the use of a page or pointer that has already been closed or freed. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Mitigation: Update to version 9.4.
Vulnerable software versions:
Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826
http://www.foxitsoftware.com/support/security-bulletins.php
EUVDB-ID: #VU16795
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2018-18688
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to an incorrect validation result when validating a PDF file that has been modified maliciously or contains non-standard signatures. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and bypass signature validation.
Mitigation: Update to version 9.4.
Vulnerable software versions:
Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826
http://www.foxitsoftware.com/support/security-bulletins.php
EUVDB-ID: #VU16796
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2018-18689
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to an incorrect validation result when validating a PDF file that has been modified maliciously or contains non-standard signatures. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and bypass signature validation.
Mitigation: Update to version 9.4.
Vulnerable software versions:
Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826
http://www.foxitsoftware.com/support/security-bulletins.php
EUVDB-ID: #VU16797
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2018-3956
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a failure in calculating the length of a null-terminated character string when the string is not correctly terminated with a null character. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read and perform a denial of service (DoS) attack.
Mitigation: Update to version 9.4.
Vulnerable software versions:
Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826
http://www.foxitsoftware.com/support/security-bulletins.php
EUVDB-ID: #VU16798
Risk: High
CVSSv3.1:
CVE-ID: N/A
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to the use of a document and its auxiliary objects after they have been closed by a call to the closeDoc function. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Mitigation: Update to version 9.4.
Vulnerable software versions:
Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826
http://www.foxitsoftware.com/support/security-bulletins.php
EUVDB-ID: #VU16799
Risk: Low
CVSSv3.1:
CVE-ID: N/A
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of a pointer that has already been freed. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read when converting HTML to PDF and perform a denial of service (DoS) attack.
Mitigation: Update to version 9.4.
Vulnerable software versions:
Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826
http://www.foxitsoftware.com/support/security-bulletins.php
EUVDB-ID: #VU16800
Risk: Low
CVSSv3.1:
CVE-ID: N/A
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to an abnormality in the V8 engine resulting from the parsing of non-standard parameters. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read and access arbitrary data.
Mitigation: Update to version 9.4.
Vulnerable software versions:
Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826
http://www.foxitsoftware.com/support/security-bulletins.php
EUVDB-ID: #VU16801
Risk: Low
CVSSv3.1:
CVE-ID: N/A
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to inconsistent row numbers resulting from inconsistent character widths during control text formatting. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read and access arbitrary data.
Mitigation: Update to version 9.4.
Vulnerable software versions:
Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826
http://www.foxitsoftware.com/support/security-bulletins.php
EUVDB-ID: #VU16802
Risk: Low
CVSSv3.1:
CVE-ID: N/A
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a remote attacker to obtain potentially sensitive information and perform a denial of service (DoS) attack.
The vulnerability exists due to an error when executing certain XFA functions in crafted PDF files: the application could cast a CXFA_Object to a CXFA_Node without checking its data type and then use the mismatched CXFA_Node directly. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read to access arbitrary data and perform a denial of service (DoS) attack.
Mitigation: Update to version 9.4.
Vulnerable software versions:
Foxit PDF Reader for Windows: 9.0 - 9.3.0.10826
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.3.0.10826
http://www.foxitsoftware.com/support/security-bulletins.php
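As an added illustration of the XFA type-confusion entry (#VU16802) above, not code from Foxit or from this bulletin: a checked downcast that consults a kind tag before treating a CXFA_Object as a CXFA_Node, beside the unconditional cast that produces the bug shape. Only the class names CXFA_Object and CXFA_Node come from the advisory; the kind tag, the CXFA_List class, the members and the CountChildren functions are hypothetical.

```cpp
#include <string>
#include <vector>

// Minimal object model modelled on the class names in the advisory
// (CXFA_Object, CXFA_Node); the layout and the kind tag are hypothetical.
enum class XFAKind { kList, kNode };
class CXFA_Object {
 public:
  explicit CXFA_Object(XFAKind kind) : kind_(kind) {}
  virtual ~CXFA_Object() = default;
  XFAKind GetKind() const { return kind_; }
 private:
  XFAKind kind_;
};
// Only nodes own a child list; other XFA objects have a different layout.
class CXFA_Node : public CXFA_Object {
 public:
  CXFA_Node() : CXFA_Object(XFAKind::kNode) {}
  void AddChild(const std::string& name) { children_.push_back(name); }
  const std::vector<std::string>& children() const { return children_; }
 private:
  std::vector<std::string> children_;
};

// A non-node object that a script could hand to an XFA function instead.
class CXFA_List : public CXFA_Object {
 public:
  CXFA_List() : CXFA_Object(XFAKind::kList) {}
  int length = 0;
};

// Checked downcast: the fix is to consult the kind tag before treating
// any CXFA_Object as a CXFA_Node, and to refuse (nullptr) otherwise.
CXFA_Node* ToNode(CXFA_Object* obj) {
  if (obj == nullptr || obj->GetKind() != XFAKind::kNode) return nullptr;
  return static_cast<CXFA_Node*>(obj);
}

// Hardened XFA function: returns the child count of a node argument,
// or -1 when the argument is not a node (instead of reading a foreign layout).
int CountChildrenChecked(CXFA_Object* arg) {
  CXFA_Node* node = ToNode(arg);
  return node ? static_cast<int>(node->children().size()) : -1;
}

// Bug shape from the advisory, kept for contrast and never called with a
// non-node: the unconditional cast reads CXFA_Node members out of a CXFA_List.
int CountChildrenUnchecked(CXFA_Object* arg) {
  return static_cast<int>(static_cast<CXFA_Node*>(arg)->children().size());
}
```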