Denial of Service Vulnerability in Foxit Reader and PhantomPDF
CVE-2015-3632

Currently unrated

Key Information:

Vendor: Foxit
Status: Enterprise Reader; PhantomPDF; Foxit Reader
Vendor: CVE Published:; 1 May 2015

Summary

An exploitable vulnerability exists in Foxit Reader, Enterprise Reader, and PhantomPDF prior to version 7.1.5. This vulnerability allows remote attackers to trigger a denial of service by crafting a malicious GIF image embedded within a PDF file, leading to memory corruption and subsequent crashes of the affected applications.

References

https://www.exploit-db.com/exploits/36859/

exploitx_refsource_EXPLOIT-DB

http://packetstormsecurity.com/files/131685/Foxit-Reader-...

x_refsource_MISC

http://www.securitytracker.com/id/1032229

vdb-entryx_refsource_SECTRACK

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 1, 2015
Vulnerability Reserved
May 1, 2015