
CVSS: 9.3 | EPSS: 8% | CPEs: 3 | EXPL: 0

Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 3.0.2009.1301, does not properly handle a JBIG2 symbol dictionary segment with zero new symbols, which allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a dereference of an uninitialized memory location.
• http://secunia.com/advisories/34036 http://secunia.com/secunia_research/2009-11 http://www.foxitsoftware.com/pdf/reader/security.htm#Processing http://www.securityfocus.com/archive/1/501590/100/0/threaded http://www.securityfocus.com/bid/34035 http://www.securitytracker.com/id?1021822 http://www.vupen.com/english/advisories/2009/0634 https://exchange.xforce.ibmcloud.com/vulnerabilities/49135
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.3 | EPSS: 16% | CPEs: 3 | EXPL: 0

Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file, related to the util.printf JavaScript function and floating point specifiers in format strings.
• http://secunia.com/advisories/29941 http://secunia.com/secunia_research/2008-18/advisory http://securityreason.com/securityalert/3899 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801 http://www.kb.cert.org/vuls/id/119747 http://www.securityfocus.com/archive/1/492289/100/0/threaded http://www.securityfocus.com/bid/29288 http://www.securitytracker.com/id?1020050 http://www.vupen.com/english/advisories/2008/1572 https://exchange.xforce.ibmcloud.com/vulnerabilities/
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer