Denial of Service Vulnerability in Foxit Reader's U3D Plugin
CVE-2018-19347
7.1HIGH
Summary
The u3d plugin version 9.3.0.10809 in Foxit Reader 9.3.0.10826 has a vulnerability that could allow remote attackers to disrupt service. This results from an out-of-bounds read issue that arises when processing U3D samples, potentially leading to unauthorized access to sensitive data or a denial of service condition. Attackers can exploit this vulnerability by providing specially crafted input, which influences the branch selection process.
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability Reserved
Vulnerability published