Vulnerability identifier: #VU52937
Vulnerability risk: Low
CVSSv3.1:
CVE-ID:
CWE-ID:
CWE-835
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Foxit PDF Reader for Windows
Client/Desktop applications /
Office applications
Foxit PDF Editor (formerly Foxit PhantomPDF)
Client/Desktop applications /
Office applications
Vendor: Foxit Software Inc.
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when handling certain XFA forms or link objects. A remote attacker can use a specially crafted PDF file to consume all available system resources and cause denial of service conditions.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Foxit PDF Reader for Windows: 9.0 - 10.1.3.37598
Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.3.37598, 9.0.0.29935 - 9.7.5.29616
CPE
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?