Denial of Service and Information Disclosure in Foxit Reader through U3D Plugin
CVE-2018-19344

7.1HIGH

Key Information:

Vendor
Foxit
Vendor
CVE Published:
17 November 2018

Summary

The u3d plugin within Foxit Reader enables remote attackers to exploit an out-of-bounds read condition, leading to denial of service or potentially exposing sensitive information. This arises from how data from faulting addresses may be improperly handled, specifically during the processing of U3D samples.

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.