Main Vulnerability Database Vulnerabilities #VU5899

NULL pointer dereference in Foxit PDF Reader for Windows and Foxit PDF Editor (formerly Foxit PhantomPDF) - #VU5899

Published: March 1, 2017

Vulnerability identifier: #VU5899

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-476

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Foxit Software Inc.

Affected software:
Foxit PDF Reader for Windows
Foxit PDF Editor (formerly Foxit PhantomPDF)

Detailed vulnerability description

The vulnerability allows a remote attacker to crash the application.

The vulnerability exists due to a NULL pointer dereference error when processing .pdf files. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, cause NULL pointer dereference and crash the affected application.

Successful exploitation of the vulnerability may result in denial of service attack.

Remediation

Install the latest version Foxit Reader 8.2.1 or Foxit PhantomPDF 8.2.1.

Sources

https://www.foxitsoftware.com/support/security-bulletins.php

NULL pointer dereference in Foxit PDF Reader for Windows and Foxit PDF Editor (formerly Foxit PhantomPDF) - #VU5899

Detailed vulnerability description

Remediation

Sources

Please verify you're human