Main Vulnerability Database Vulnerabilities #VU16697

#VU16697 Out-of-bounds read in Quick PDF Library - CVE-2018-20248

Published: December 25, 2018 / Updated: May 18, 2020

Vulnerability identifier: #VU16697

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2018-20248

CWE-ID: CWE-125

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vulnerable software:
Quick PDF Library

Software vendor:
Foxit Software Inc.

Description

The vulnerability allows a local attacker to bypass security restrictions the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A local attacker can load a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileReadOnly functions, trigger memory corruption and bypass security restrictions to conduct further attacks.

Remediation

Update to version 16.12.

External links

https://www.foxitsoftware.com/support/security-bulletins.php

#VU16697 Out-of-bounds read in Quick PDF Library - CVE-2018-20248

Description

Remediation

External links

Please verify you're human