Out of Bounds Memory Access Vulnerability in Foxit Quick PDF Library
CVE-2018-20248

9.8CRITICAL

Key Information:

Vendor: Foxit
Status: Foxit Quick PDF Library
Vendor: CVE Published:; 24 December 2018

Summary

In Foxit Quick PDF Library, an issue arises when processing malformed or malicious PDF files that contain invalid xref table pointers or data. Specifically, when utilizing functions such as LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile, or DAOpenFileReadOnly, this flaw can trigger an access violation due to out of bounds memory access. This could potentially allow attackers to exploit the vulnerability to execute arbitrary code or cause crashes in the library.

Affected Version(s)

Foxit Quick PDF Library All versions prior to 16.12

References

http://www.securityfocus.com/bid/106306

vdb-entryx_refsource_BID

https://www.foxitsoftware.com/support/security-bulletins.php

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 24, 2018
Vulnerability Reserved
Dec 19, 2018