PT-2016-5834 · Microsoft+1 · Gflags+3

Abdulaziz Hariri · Published 2016-03-23 · Updated 2016-11-08 · CVE-2016-4065

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Foxit Reader and PhantomPDF versions prior to 7.3.4

Description

The issue allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted image, including JPEG, GIF, or BMP formats. This occurs when the gflags app is enabled.

Recommendations

For Foxit Reader and PhantomPDF versions prior to 7.3.4, update to version 7.3.4 or later to resolve the issue. As a temporary workaround, consider disabling the ConvertToPDF plugin until a patch is available. Restrict access to the ConvertToPDF functionality to minimize the risk of exploitation. Avoid using the ConvertToPDF plugin with untrusted image files, including JPEG, GIF, and BMP formats, until the issue is resolved.

Fix

DoS

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2016-4065
ZDI-16-216
ZDI-16-217
ZDI-16-218

Affected Products

ConvertToPDF
Foxit Reader
PhantomPDF
Gflags