Use-After-Free and Type Confusion in Foxit 3D Plugin for Foxit Reader and PhantomPDF
CVE-2019-6984

6.5MEDIUM

Key Information:

Vendor: Foxit
Status: 3d
Vendor: CVE Published:; 3 October 2022

Summary

A vulnerability has been identified in Foxit 3D Plugin Beta versions prior to 9.4.0.16807, affecting both Foxit Reader and PhantomPDF. This issue could lead to crashes when the application processes certain PDF files containing specifically crafted 3D content. The vulnerability results from handling wild pointers, which can lead to serious implications during the rendering of these documents. Users of affected versions are urged to update to ensure security against potential exploitation.

References

https://www.foxitsoftware.com/support/security-bulletins.php

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 3, 2022
Vulnerability Reserved
Oct 3, 2022