Memory Corruption Vulnerability in Foxit Reader and PhantomPDF
CVE-2015-2790

Currently unrated

Key Information:

Vendor: Foxit
Status: Enterprise Reader; Foxit Reader; PhantomPDF
Vendor: CVE Published:; 30 March 2015

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 23%

What is CVE-2015-2790?

Certain versions of Foxit Reader, Enterprise Reader, and PhantomPDF are susceptible to a memory corruption vulnerability. This issue arises due to improper handling of Ubyte Size within a DataSubBlock structure, as well as the LZWMinimumCodeSize in GIF images. Attackers can exploit this vulnerability by crafting malicious GIF images, leading to a denial of service condition through application crashes.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2015-2790 - Proof of Concept

References

http://protekresearchlab.com/prl-2015-01prl-foxit-product...

x_refsource_MISC

http://securitytracker.com/id/1031878

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/73430

vdb-entryx_refsource_BID

EPSS Score

23% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Mar 30, 2015
👾
Exploit known to exist
Mar 30, 2015
Vulnerability published
Mar 30, 2015
Vulnerability Reserved
Mar 30, 2015

CVE-2015-2790 Data

JSON