Denial of Service Vulnerability in Foxit Reader's U3D Plugin
CVE-2018-18933

9.1CRITICAL

Key Information:

Vendor
Foxit
Status
Foxit Reader
U3d
Vendor
CVE Published:
5 November 2018

Summary

The u3d plugin in Foxit Reader versions up to 9.3.0.10826 is susceptible to a vulnerability that allows remote attackers to execute a Denial of Service attack. This is accomplished by exploiting an out-of-bounds read due to a 'Read Access Violation near NULL' issue, leading to potential information leakage or application crashes when handling specific U3D sample files. Users of affected versions are advised to update their software immediately.

References

https://yan-1-20.github.io/2018/11/02/2018/11/2018-11-02/
x_refsource_MISC
https://github.com/Yan-1-20/Yan-1-20.github.io/blob/maste...
x_refsource_MISC
https://github.com/Yan-1-20/Yan-1-20.github.io/blob/maste...
x_refsource_MISC

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.