Denial of Service Vulnerability in Foxit Reader's U3D Plugin
CVE-2018-19346

7.1HIGH

Key Information:

Vendor
Foxit
Vendor
CVE Published:
17 November 2018

Summary

The U3D plugin in the Foxit Reader software is vulnerable to a denial of service attack, which can be triggered by remote attackers exploiting an out-of-bounds read issue. This vulnerability allows attackers to manipulate the plugin's data flow, leading to potential crashes or unwanted behavior of the application. By sending specially crafted U3D samples, attackers can compromise the integrity of the reader, thereby putting sensitive information at risk.

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.