Main Vulnerability Database Vulnerabilities #VU19379

Buffer overflow in Foxit PDF Editor (formerly Foxit PhantomPDF) - CVE-2019-14209

Published: July 26, 2019

Vulnerability identifier: #VU19379

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-14209

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Foxit Software Inc.

Affected software:
Foxit PDF Editor (formerly Foxit PhantomPDF)

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to data desynchrony when adding AcroForm. A remote attacker can trigger heap corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2019-14209

Install updates from vendor's website.

Sources

https://www.foxitsoftware.com/support/security-bulletins.php

Buffer overflow in Foxit PDF Editor (formerly Foxit PhantomPDF) - CVE-2019-14209

Detailed vulnerability description

How to mitigate CVE-2019-14209

Sources

Please verify you're human