Denial-of-Service Vulnerability in Foxit MobilePDF for iOS
CVE-2017-16813

5.5MEDIUM

Key Information:

Vendor: Foxit
Status: MobilePDF
Vendor: CVE Published:; 26 February 2018

What is CVE-2017-16813?

A vulnerability in the Foxit MobilePDF app for iOS prior to version 6.1 could trigger a denial-of-service situation. This flaw is caused when a user uploads a file that includes a hexadecimal Unicode character in the 'filename' parameter over Wi-Fi. The app's failure to correctly parse this input may result in service interruption, posing a risk to users' devices and data integrity.

References

https://www.foxitsoftware.com/support/security-bulletins.php

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 26, 2018
Vulnerability Reserved
Nov 13, 2017