Memory Corruption Vulnerability in Foxit Reader and PhantomPDF
CVE-2015-2790

Currently unrated

Key Information:

Vendor: Foxit
Status: Enterprise Reader; Foxit Reader; PhantomPDF
Vendor: CVE Published:; 30 March 2015

Summary

Certain versions of Foxit Reader, Enterprise Reader, and PhantomPDF are susceptible to a memory corruption vulnerability. This issue arises due to improper handling of Ubyte Size within a DataSubBlock structure, as well as the LZWMinimumCodeSize in GIF images. Attackers can exploit this vulnerability by crafting malicious GIF images, leading to a denial of service condition through application crashes.

References

http://protekresearchlab.com/prl-2015-01prl-foxit-product...

x_refsource_MISC

http://securitytracker.com/id/1031878

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/73430

vdb-entryx_refsource_BID

EPSS Score

64% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 30, 2015
Vulnerability Reserved
Mar 30, 2015