HomePentest-Tools.com Logo

Foxit PhantomPDF Multiple Vulnerabilities-July 2019 (Windows)-02 CVE-2019-14208CVE-2019-14209CVE-2019-14210CVE-2019-14214

Severity
CVSSv3 Score
7.5
Vulnerability description

Foxit PhantomPDF is prone to multiple vulnerabilities.

Risk description

Multiple flaws exist due to: - An issue in getting a PDF object from a document, or parsing a certain portfolio that contains a null dictionary which could expose the application to a NULL pointer dereference. - Data desynchrony when adding AcroForm could cause Heap Corruption. - Use of an invalid pointer copy, resulting from a destructed string object could cause Memory Corruption. - Deleting pages in a document that contains only one page by calling a t.hidden = true function could result in JavaScript Denial of Service. Successful exploitation allows remote attackers to overflow the buffer and cause denial of service conditions.

Recommendation

Upgrade to Foxit PhantomPDF 8.3.10 or later. Please see the references for more information.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jul 21, 2019
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available