Foxit Reader < 8.2 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 9898

Synopsis

The remote host has been observed running a version of Foxit Reader that is subject to multiple attack vectors.

Description

Versions of Foxit Reader prior to 8.2 are affected by the following vulnerabilities :

- An out-of-bounds write flaw exists that is triggered during the handling of a specially crafted JPEG2000 image. This may allow a context-dependent attacker to potentially execute arbitrary code.
- An out-of-bounds read flaw exists that is triggered during the handling of a specially crafted JPEG2000 image. This may allow a context-dependent attacker to disclose potentially sensitive information.
- A use-after-free error exists that is triggered when handling dialog boxes when closing documents. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
- An out-of-bounds read flaw exists that is triggered during the handling of a specially crafted font. This may allow a context-dependent attacker to disclose potentially sensitive information.
- A use-after-free flaw exists that is due to the program failing to properly verify the existence of objects before performing actions when handling 'setInterval'. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
- An out-of-bounds read flaw exists that is triggered during the handling of a specially crafted JPEG image. This may allow a context-dependent attacker to disclose potentially sensitive information.
- A flaw exists in ConvertToPDF. The issue is triggered as certain input is not properly validated when handling TIFF files. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.

Solution

Upgrade Foxit Reader to version 8.2 or later.

See Also

https://www.foxitsoftware.com/support/security-bulletins.php

Plugin Details

Severity: Medium

ID: 9898

Family: CGI

Published: 1/19/2017

Updated: 3/6/2019

Vulnerability Information

CPE: cpe:/a:foxitsoftware:reader

Patch Publication Date: 1/10/2017

Vulnerability Publication Date: 1/10/2017