Memory Corruption Vulnerability in Foxit Reader and PhantomPDF
CVE-2015-2790

Currently unrated

Key Information:

Vendor
Foxit
Vendor
CVE Published:
30 March 2015

Summary

Certain versions of Foxit Reader, Enterprise Reader, and PhantomPDF are susceptible to a memory corruption vulnerability. This issue arises due to improper handling of Ubyte Size within a DataSubBlock structure, as well as the LZWMinimumCodeSize in GIF images. Attackers can exploit this vulnerability by crafting malicious GIF images, leading to a denial of service condition through application crashes.

References

EPSS Score

67% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.