Out of Bounds Memory Access Vulnerability in Foxit Quick PDF Library
CVE-2018-20248
9.8CRITICAL
Summary
In Foxit Quick PDF Library, an issue arises when processing malformed or malicious PDF files that contain invalid xref table pointers or data. Specifically, when utilizing functions such as LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile, or DAOpenFileReadOnly, this flaw can trigger an access violation due to out of bounds memory access. This could potentially allow attackers to exploit the vulnerability to execute arbitrary code or cause crashes in the library.
Affected Version(s)
Foxit Quick PDF Library All versions prior to 16.12
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved