Use-After-Free and Type Confusion in Foxit 3D Plugin for Foxit Reader and PhantomPDF
CVE-2019-6984
6.5MEDIUM
Summary
A vulnerability has been identified in Foxit 3D Plugin Beta versions prior to 9.4.0.16807, affecting both Foxit Reader and PhantomPDF. This issue could lead to crashes when the application processes certain PDF files containing specifically crafted 3D content. The vulnerability results from handling wild pointers, which can lead to serious implications during the rendering of these documents. Users of affected versions are urged to update to ensure security against potential exploitation.
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved