Out of Bounds Memory Access Vulnerability in Foxit Quick PDF Library
CVE-2018-20248

9.8 CRITICAL

Key Information:

Vendor: Foxit
CVE Published: 24 December 2018

Summary

Foxit Quick PDF Library mishandles malformed or malicious PDF files that contain invalid xref table pointers or invalid xref table data. Loading such a file with functions such as LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile, or DAOpenFileReadOnly can trigger an access violation caused by out-of-bounds memory access. An attacker could potentially exploit this to execute arbitrary code or to crash the library.
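A pre-load check for the condition described above, as an added example (not Foxit's code and not from the original advisory): it verifies that startxref and every in-use xref entry point inside the file and at the expected object header. The names check_xref and build_pdf are hypothetical, the sample PDF is constructed, and only the last classic xref table is inspected (no xref streams, no /Prev chain).

```python
import re

# Added example; function and pattern names are hypothetical.
# Scope: the last classic xref table only (no xref streams, no /Prev chain).
STARTXREF = re.compile(rb"startxref\s+(\d+)\s+%%EOF")
SUBSECTION = re.compile(rb"(\d+) (\d+)\s+")
ENTRY = re.compile(rb"(\d{10}) (\d{5}) ([nf])\s*")

def check_xref(data: bytes) -> list:
    """Return problems found in the xref table; an empty list means none found."""
    trailers = list(STARTXREF.finditer(data))
    if not trailers:
        return ["no startxref/%%EOF trailer found"]
    xref_off = int(trailers[-1].group(1))
    if xref_off >= len(data):
        return [f"startxref {xref_off} is outside the {len(data)}-byte file"]
    if not data.startswith(b"xref", xref_off):
        return [f"startxref {xref_off} does not point at a classic xref table"]
    problems = []
    pos = xref_off + 4
    while pos < len(data) and data[pos:pos + 1].isspace():
        pos += 1
    while (sub := SUBSECTION.match(data, pos)):
        first, count = int(sub.group(1)), int(sub.group(2))
        pos = sub.end()
        for objnum in range(first, first + count):
            entry = ENTRY.match(data, pos)
            if not entry:  # also stops a hostile, oversized entry count
                return problems + [f"object {objnum}: entry missing or malformed"]
            offset, in_use = int(entry.group(1)), entry.group(3) == b"n"
            if in_use and offset >= len(data):
                problems.append(f"object {objnum}: offset {offset} outside file")
            elif in_use and not re.match(rb"%d\s+\d+\s+obj" % objnum, data[offset:offset + 32]):
                problems.append(f"object {objnum}: offset {offset} is not its object header")
            pos = entry.end()
    return problems

def build_pdf(bad_offset=None) -> bytes:
    """Constructed sample: a one-object PDF, optionally with a corrupted xref offset."""
    body = b"%PDF-1.4\n"
    obj_off = len(body)
    body += b"1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    xref_off = len(body)
    shown = obj_off if bad_offset is None else bad_offset
    body += b"xref\n0 2\n0000000000 65535 f \n%010d 00000 n \n" % shown
    body += b"trailer\n<< /Size 2 /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % xref_off
    return body
```

Rejecting or quarantining files for which check_xref returns a non-empty list before they reach the load functions narrows exposure on untrusted input; it does not replace moving off the affected versions.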

Affected Version(s)

Foxit Quick PDF Library: all versions prior to 16.12

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
