PT-2018-3677 · Foxit · Foxit Quick Pdf Library
Published: 2018-12-17 · Updated: 2019-10-09
CVE-2018-20249
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Foxit Quick PDF Library versions prior to 16.12
Description
The issue arises when a malformed or malicious PDF containing invalid xref entries is loaded with the DAOpenFile or DAOpenFileReadOnly functions, potentially resulting in an access violation caused by out-of-bounds memory access. This could allow a remote attacker to gain unauthorized access to protected information or cause a denial of service using a specially crafted malicious PDF file.
Recommendations
For versions prior to 16.12, update to version 16.12 or later to resolve the issue.
As a temporary workaround, consider restricting the use of the DAOpenFile and DAOpenFileReadOnly functions until a patch is available.
Fix
Memory Corruption
Buffer Overflow
Related Identifiers
Affected Products
Foxit Quick Pdf Library