Denial of service in Foxit PDF Reader for Windows and Foxit PDF Editor (formerly Foxit PhantomPDF) - #VU1031
Published: October 19, 2016
Vulnerability identifier: #VU1031
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-476
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Foxit Software Inc.
Affected software:
Foxit PDF Reader for Windows
Foxit PDF Editor (formerly Foxit PhantomPDF)
Foxit PDF Reader for Windows
Foxit PDF Editor (formerly Foxit PhantomPDF)
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness is caused by null pointer dereference that lets attackers to trigger application crash.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
The weakness is caused by null pointer dereference that lets attackers to trigger application crash.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
Remediation
Update Foxit Reader to version 8.1.
Update Foxit PhantomPDF to version 8.1.
Update Foxit PhantomPDF to version 8.1.