Uncontrolled Recursion Vulnerability in Foxit Reader
CVE-2019-13123

7.5HIGH

Key Information:

Vendor: Foxit
Status: Foxit Reader
Vendor: CVE Published:; 30 September 2019

What is CVE-2019-13123?

The Foxit Reader product prior to version 9.6.0.25115 is susceptible to a vulnerability characterized by unique RecursiveCall bugs. These bugs occur in the V8 JavaScript engine and involve multiple functions that can lead to stack memory exhaustion due to uncontrolled recursion. This may allow an attacker to craft malicious documents, leading to denial of service or potentially impacting system stability.

References

https://www.foxitsoftware.com/support/security-bulletins.php

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 30, 2019
Vulnerability Reserved
Jul 1, 2019

JSON