Foxit PDF Reader Bookmark Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2023-51553

3.3 LOW

Key Information:

Vendor: Foxit
CVE Published: 3 May 2024

What is CVE-2023-51553?

Foxit PDF Reader contains an out-of-bounds read in its handling of Bookmark objects. The flaw arises from insufficient validation of user-supplied data and can expose sensitive information on affected installations. Exploitation requires user interaction: the target must visit a malicious web page or open a specially crafted PDF file. An attacker may combine this vulnerability with additional issues to execute arbitrary code in the context of the current process, which creates a significant risk for users.

CVSS V3.1

Score: 3.3
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published
