Main Vulnerability Database Vulnerabilities #VU16697

Out-of-bounds read in Quick PDF Library - CVE-2018-20248

Published: December 25, 2018 / Updated: May 18, 2020

Vulnerability identifier: #VU16697

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2018-20248

CWE-ID: CWE-125

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vendor: Foxit Software Inc.

Affected software:
Quick PDF Library

Detailed vulnerability description

The vulnerability allows a local attacker to bypass security restrictions the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A local attacker can load a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileReadOnly functions, trigger memory corruption and bypass security restrictions to conduct further attacks.

How to mitigate CVE-2018-20248

Update to version 16.12.

Sources

https://www.foxitsoftware.com/support/security-bulletins.php

Out-of-bounds read in Quick PDF Library - CVE-2018-20248

Detailed vulnerability description

How to mitigate CVE-2018-20248

Sources

Please verify you're human