Sebastian Feldmann

**Name of the Vulnerable Software and Affected Versions** Foxit Reader (affected versions not specified) **Description** This issue allows remote attackers to disclose sensitive information on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the processing of PDF files due to the lack of proper validation of user-supplied data, resulting in a read past the end of an allocated buffer. An attacker can leverage this, in conjunction with other issues, to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit Reader (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the processing of PDF files due to the lack of proper validation of user-supplied data, resulting in a read past the end of an allocated buffer. An attacker can leverage this to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit Reader version 9.2.0.9297 **Description** This issue allows remote attackers to disclose sensitive information on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the processing of PDF files due to the lack of proper validation of user-supplied data, resulting in a read past the end of an allocated buffer. An attacker can leverage this, in conjunction with other issues, to execute code in the context of the current process. **Recommendations** For Foxit Reader version 9.2.0.9297, consider disabling the PDF parsing functionality until a patch is available to prevent exploitation. Restrict access to malicious pages and files to minimize the risk of sensitive information disclosure. Avoid using Foxit Reader to open untrusted PDF files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Evince version 3.26.0 **Description** The issue is caused by a buffer overflow in the backend/tiff/tiff-document.c component of the Evince document viewer. This can be exploited by a remote attacker using a specially crafted PDF file, potentially allowing for denial of service or execution of arbitrary code. The attack vector involves the victim opening the crafted PDF file, and the issue arises from an incorrect integer overflow protection mechanism in the `tiff document render` and `tiff document get thumbnail` functions. **Recommendations** For Evince version 3.26.0, as a temporary workaround, consider disabling the rendering of TIFF documents until a patch is available. Restrict access to the `backend/tiff/tiff-document.c` component to minimize the risk of exploitation. Avoid opening suspicious or untrusted PDF files with Evince until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Artifex Mupdf version 1.12.0 Description: The issue is related to a Use After Free vulnerability in the `fz keep key storable` function, which can lead to a denial of service (DOS) or possible code execution. This can be exploited when a victim opens a specially crafted PDF file. Recommendations: For Artifex Mupdf version 1.12.0, consider updating to a newer version that contains a fix for this issue, as no specific workaround is provided for this version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PDF-XChange Viewer and Viewer AX SDK versions prior to 2.5.322.8 **Description** The issue arises from the mishandling of conversion from YCC to RGB color spaces, where calculations are based on 1 bit per component (bpc) instead of 8 bpc. This could potentially allow remote attackers to execute arbitrary code through a crafted PDF document. **Recommendations** For versions prior to 2.5.322.8, update to version 2.5.322.8 or later to resolve the issue.