Information disclosure in Foxit PDF Reader for Windows - CVE-2016-8334
Published: October 19, 2016 / Updated: October 24, 2016
Vulnerability identifier: #VU1063
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-8334
CWE-ID: CWE-122
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Foxit Software Inc.
Affected software:
Foxit PDF Reader for Windows
Detailed vulnerability description
The vulnerability allows a local user to obtain potentially sensitive information on the target system.
The weakness is caused by insufficient bounds validation when parsing JBIG2 segments in a PDF file. By convincing a victim to open a specially crafted file, an attacker can cause an out-of-bounds heap memory condition that lets them view important data.
Successful exploitation of the vulnerability results in disclosure of potentially sensitive information.
How to mitigate CVE-2016-8334
Update to version 8.1.