#VU16698 Out-of-bounds read in Quick PDF Library - CVE-2018-20249
Published: December 25, 2018 / Updated: May 18, 2020
Quick PDF Library
Foxit Software Inc.
Description
The vulnerability allows a local attacker to bypass security restrictions on the target system.
The weakness exists due to an out-of-bounds read when handling malicious input. A local attacker can load a malformed or malicious PDF containing invalid xref entries using the DAOpenFile or DAOpenFileReadOnly functions, trigger memory corruption and bypass security restrictions to conduct further attacks.
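As a defensive illustration of the xref handling described above, the following added example (not code from this advisory, from Foxit, or from the vendor's fix) pre-screens a PDF's classic cross-reference table before the file is handed to a native parser. It assumes that "invalid xref entries" includes offsets that fall outside the file or do not land on the expected object header; the names check_xref and build_sample are hypothetical, and xref streams and /Prev chains are not covered.

```python
import re

ENTRY = re.compile(rb"(\d{10}) (\d{5}) ([nf])[ \r][\r\n]")      # fixed 20-byte entry
SUBSECTION = re.compile(rb"\s*(\d{1,10}) (\d{1,10})[ \t]*\r?\n")  # "first count" header

def check_xref(data: bytes) -> list:
    """Return a list of problems found in the classic xref table of `data`."""
    m = re.search(rb"startxref\s+(\d{1,10})\s+%%EOF\s*$", data)
    if not m:
        return ["no startxref/%%EOF trailer"]
    pos = int(m.group(1))
    if pos >= len(data) or not data.startswith(b"xref", pos):
        return [f"startxref {pos} does not point at an xref table"]
    pos += 4
    problems = []
    while (sub := SUBSECTION.match(data, pos)):
        first, count = int(sub.group(1)), int(sub.group(2))
        pos = sub.end()
        for num in range(first, first + count):
            entry = ENTRY.match(data, pos)
            if not entry:  # also stops an inflated count from running past EOF
                return problems + [f"object {num}: malformed or truncated entry"]
            pos = entry.end()
            offset, gen = int(entry.group(1)), int(entry.group(2))
            if entry.group(3) == b"f":
                continue  # free entries carry no file offset to validate
            if offset >= len(data):
                problems.append(f"object {num}: offset {offset} beyond end of file")
            elif not re.match(rb"%d\s+%d\s+obj" % (num, gen), data[offset:offset + 32]):
                problems.append(f"object {num}: offset {offset} is not an object header")
    return problems

def build_sample(override=None) -> bytes:
    """Constructed minimal PDF; `override` replaces object 2's xref offset."""
    objs = [b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n",
            b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"]
    body, offsets = b"%PDF-1.4\n", []
    for obj in objs:
        offsets.append(len(body))
        body += obj
    if override is not None:
        offsets[1] = override
    xref = b"xref\n0 3\n0000000000 65535 f \n"
    xref += b"".join(b"%010d 00000 n \n" % off for off in offsets)
    return body + xref + b"trailer\n<< /Size 3 /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % len(body)
```

A file for which check_xref returns a non-empty list can be quarantined rather than opened with DAOpenFile or DAOpenFileReadOnly.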