Denial of Service Vulnerability in Foxit Reader's U3D Plugin
CVE-2018-18933
9.1 CRITICAL
Summary
The u3d plugin in Foxit Reader versions up to 9.3.0.10826 is susceptible to a vulnerability that allows remote attackers to cause a denial of service. The issue is an out-of-bounds read ('Read Access Violation near NULL') that can lead to information leakage or an application crash when the plugin handles specific U3D sample files. Users of affected versions are advised to update their software immediately.
CVSS V3.1
Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved