CVSS: 9.3EPSS: 9%CPEs: 2EXPL: 0CVE-2009-0691
https://notcve.org/view.php?id=CVE-2009-0691
The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an invalid memory access. El complemento Foxit JPEG2000/JBIG2 Decoder antes de v2.0.2009.616 para Foxit Reader 3.0 antes de Build1817 no gestiona correctamente un error fatal durante la decodificación de una cabecera JPEG2000 (alias JPX), lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y bloqueo de la aplicación) o posiblemente ejecutar código arbitrario a través de un archivo PDF modificado que provoca un acceso a memoria no válida. • http://secunia.com/advisories/35512 http://securitytracker.com/id?1022425 http://www.foxitsoftware.com/pdf/reader/security.htm#0602 http://www.kb.cert.org/vuls/id/251793 http://www.securityfocus.com/bid/35443 http://www.vupen.com/english/advisories/2009/1640 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 8%CPEs: 3EXPL: 0CVE-2009-0191
https://notcve.org/view.php?id=CVE-2009-0191
Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 3.0.2009.1301, does not properly handle a JBIG2 symbol dictionary segment with zero new symbols, which allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a dereference of an uninitialized memory location. Foxit Reader v2.3 anterior a Build 3902 y v3.0 anterior a Build 1506, ademas de v3.0.2009.1301, no maneja adecuadamente un segmento del símbolo JBIG2 del diccionario sin nuevos símbolos, lo que permite atacantes remotos ejecutar código arbitrariamente a través de un fichero PDF manipulado que inicia una desreferencia y una localización de memoria no inicializada. • http://secunia.com/advisories/34036 http://secunia.com/secunia_research/2009-11 http://www.foxitsoftware.com/pdf/reader/security.htm#Processing http://www.securityfocus.com/archive/1/501590/100/0/threaded http://www.securityfocus.com/bid/34035 http://www.securitytracker.com/id?1021822 http://www.vupen.com/english/advisories/2009/0634 https://exchange.xforce.ibmcloud.com/vulnerabilities/49135 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 17%CPEs: 3EXPL: 0CVE-2008-1104
https://notcve.org/view.php?id=CVE-2008-1104
Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file, related to the util.printf JavaScript function and floating point specifiers in format strings. Desbordamiento de búfer basado en Pila en Foxit Reader versiones anteriores a la 2.3 build 2912 permite a atacantes remotos asistidos por el usuario ejecutar código arbitrariamente a través de ficheros PDF manipulados, relacionado con la función JavaScript util.printf y los especificadores de punto flotante en las cadenas de formato. • http://secunia.com/advisories/29941 http://secunia.com/secunia_research/2008-18/advisory http://securityreason.com/securityalert/3899 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801 http://www.kb.cert.org/vuls/id/119747 http://www.securityfocus.com/archive/1/492289/100/0/threaded http://www.securityfocus.com/bid/29288 http://www.securitytracker.com/id?1020050 http://www.vupen.com/english/advisories/2008/1572 https://exchange.xforce.ibmcloud.com/vulnerabilities/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •