Main Vulnerability Database Vulnerabilities #VU6302

NULL pointer dereference in Foxit PDF Reader for Windows and Foxit PDF Editor (formerly Foxit PhantomPDF) - #VU6302

Published: April 19, 2017

Vulnerability identifier: #VU6302

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-476

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Foxit Software Inc.

Affected software:
Foxit PDF Reader for Windows
Foxit PDF Editor (formerly Foxit PhantomPDF)

Detailed vulnerability description

The vulnerability allows a remote attacker to cause denial of service conditions.

The vulnerability exists due to a NULL pointer dereference error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and trigger the affected application to crash.

Remediation

The vulnerability is fixed in Foxit Reader 8.3 and Foxit PhantomPDF 8.3.

Sources

https://www.foxitsoftware.com/support/security-bulletins.php

NULL pointer dereference in Foxit PDF Reader for Windows and Foxit PDF Editor (formerly Foxit PhantomPDF) - #VU6302

Detailed vulnerability description

Remediation

Sources

Please verify you're human