Denial of Service Vulnerability in Foxit Reader and PhantomPDF
CVE-2015-3632

Currently unrated

Key Information:

Vendor: Foxit
Status: Enterprise Reader; PhantomPDF; Foxit Reader
Vendor: CVE Published:; 1 May 2015

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2015-3632?

An exploitable vulnerability exists in Foxit Reader, Enterprise Reader, and PhantomPDF prior to version 7.1.5. This vulnerability allows remote attackers to trigger a denial of service by crafting a malicious GIF image embedded within a PDF file, leading to memory corruption and subsequent crashes of the affected applications.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2015-3632 - Proof of Concept

References

https://www.exploit-db.com/exploits/36859/

exploitx_refsource_EXPLOIT-DB

http://packetstormsecurity.com/files/131685/Foxit-Reader-...

x_refsource_MISC

http://www.securitytracker.com/id/1032229

vdb-entryx_refsource_SECTRACK

EPSS Score

6% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 1, 2015
👾
Exploit known to exist
May 1, 2015
Vulnerability published
May 1, 2015
Vulnerability Reserved
May 1, 2015

CVE-2015-3632 Data

JSON