HomePentest-Tools.com Logo

Foxit PhantomPDF Multiple Vulnerabilities-Jan 2019 (Windows) CVE-2018-18688CVE-2018-18689CVE-2018-3956CVE-2019-5005CVE-2019-5006CVE-2019-5007

Severity
CVSSv3 Score
7.1
Vulnerability description

Foxit PhantomPDF is prone to multiple vulnerabilities.

Risk description

Multiple flaws exist due to: - Error in handing image data, because two bytes are written to the end of the allocated memory without judging whether this will cause corruption - A NULL pointer dereference during PDF parsing - An Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing - An out-of-bounds read/write vulnerability and crash when handling XFA element attributes Successful exploitation will allow remote attackers to cause a denial of service.

Recommendation

Upgrade to Foxit PhantomPDF 9.4 or later. Please see the references for more information.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jan 7, 2021
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available