CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-6751 – Foxit Studio Photo JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-6751
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6.779. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://www.zerodayinitiative.com/advisories/ZDI-19-375 • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 6%CPEs: 3EXPL: 1CVE-2018-3956
https://notcve.org/view.php?id=CVE-2018-3956
An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in exploitation when coupled with another vulnerability. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. Una vulnerabilidad de lectura fuera de límites explotable en la gestión de determinados atributos de elementos XFA de la versión 9.1.0.5096 del lector PDF de Foxit Software. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0626 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-6983
https://notcve.org/view.php?id=CVE-2019-6983
An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Integer Overflow and crash during the handling of certain PDF files that embed specifically crafted 3D content, because of a free of valid memory. Se ha detectado un problema en Foxit 3D Plugin Beta, en versiones anteriores a la 9.4.0.16807, para Foxit Reader y PhantomPDF. La aplicación podría encontrar un desbordamiento de enteros y cerrarse inesperadamente durante la gestión de determinados archivos PDF que embeben contenido 3D especialmente manipulado debido a una liberación de memoria válida. • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-6984
https://notcve.org/view.php?id=CVE-2019-6984
An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter a Use-After-Free or Type Confusion and crash during handling of certain PDF files that embed specifically crafted 3D content, due to the use of a wild pointer. Se ha detectado un problema en Foxit 3D Plugin Beta, en versiones anteriores a la 9.4.0.16807, para Foxit Reader y PhantomPDF. La aplicación podría encontrar un uso de memoria previamente liberada o confusión de tipos durante la gestión de determinados archivos PDF que embeben contenido 3D especialmente manipulado debido al uso de un puntero no inicializado. • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-6985
https://notcve.org/view.php?id=CVE-2019-6985
An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Read in Indexing or a Heap Overflow and crash during handling of certain PDF files that embed specifically crafted 3D content, due to an array access violation. Se ha detectado un problema en Foxit 3D Plugin Beta, en versiones anteriores a la 9.4.0.16807, para Foxit Reader y PhantomPDF. La aplicación podría encontrar una lectura fuera de límites durante la indexación o un desbordamiento de memoria dinámica (heap) y un cierre inesperado durante la gestión de determinados archivos PDF que embeben contenido 3D especialmente manipulado, debido a una violación de acceso al array. • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-125: Out-of-bounds Read •