Denial of Service and Information Disclosure in Foxit Reader u3d Plugin
CVE-2018-19343
7.1 HIGH
Summary
The u3d plugin in Foxit Reader, specifically version 9.3.0.10809, contains an out-of-bounds read that allows remote attackers to trigger a denial of service. The flaw may also expose sensitive information or have other unspecified effects when a malicious U3D sample is processed. The underlying issue is that data read from a faulting address controls code execution flow, which affects both the stability and the security of the application.
References
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability Reserved
Vulnerability Published