
Foxit Reader Multiple Remote Code Execution Vulnerabilities (CVE-2016-4059, CVE-2016-4060, CVE-2016-4061, CVE-2016-4062, CVE-2016-4063, CVE-2016-4064, CVE-2016-4065)

CVSSv3 Score
Vulnerability description

Foxit Reader is prone to multiple vulnerabilities.

Risk description

Multiple flaws exist due to:

- Multiple use-after-free vulnerabilities.
- An error in parsing a malformed content stream.
- The application recursively calling the format error handling for some PDFs, which led to no response when opening the PDF.
- The destructor of the object whose generation number is -1 in the PDF file, which could release the file handle that had been imported by the application layer.
- An error in decoding corrupted images during PDF conversion with the gflags app enabled.
- The XFA's underlying data failing to synchronize with that of PhantomPDF/Reader, caused by the re-layout of the underlying XFA.

Successful exploitation will allow remote attackers to cause a denial of service (application crash).


Upgrade to Foxit Reader version 7.3.4 or later.

Not available
Detectable with: Network Scanner
Scan engine
Exploitable with Sniper
CVE Published: Apr 22, 2016
Detection added at
Software Type
Not available
Not available
Not available