Foxit Reader Multiple Remote Code Execution Vulnerabilities (CVE-2016-4059, CVE-2016-4060, CVE-2016-4061, CVE-2016-4062, CVE-2016-4063, CVE-2016-4064, CVE-2016-4065)
- CVSSv3 Score
- Vulnerability description
Foxit Reader is prone to multiple vulnerabilities.
- Risk description
Multiple flaws exist due to:
  - Multiple use-after-free vulnerabilities.
  - An error in parsing a malformed content stream.
  - The application recursively calling the format error of some PDFs, leading to no response when opening the PDF.
  - The destructor of the object whose generation number is -1 in the PDF file, which could release the file handle that had been imported by the application layer.
  - An error in decoding corrupted images during PDF conversion with the gflags app enabled.
  - The XFA's underlying data failing to synchronize with that of PhantomPDF/Reader, caused by the re-layout of the underlying XFA.

Successful exploitation will allow remote attackers to cause a denial of service (application crash).
Upgrade to Foxit Reader version 7.3.4 or later.
- Not available