CVE-2018-5675

Name of the Vulnerable Software and Affected Versions: Foxit Reader versions prior to 9.1 PhantomPDF versions prior to 9.1

Description: This issue allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the processing of specially crafted pdf files with embedded u3d images, which can trigger an out-of-bounds write on a buffer. This can be leveraged to execute code under the context of the current process.

Recommendations: For Foxit Reader versions prior to 9.1, update to version 9.1 or later. For PhantomPDF versions prior to 9.1, update to version 9.1 or later.