PT-2019-17417 · Foxit · Foxit Pdf Reader

Publicado

2019-09-29

Atualizado

2022-06-07

CVE-2019-5031

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Foxit PDF Reader version 9.4.1.16828

Description A memory corruption issue exists in the JavaScript engine, allowing arbitrary code execution through a specially crafted PDF document that triggers an out-of-memory condition. An attacker must trick the user into opening the malicious file. If the browser plugin extension is enabled, visiting a malicious site can also trigger the issue.

Recommendations For Foxit PDF Reader version 9.4.1.16828, consider disabling the JavaScript engine as a temporary workaround until a patch is available. Restrict access to malicious PDF documents and avoid visiting untrusted websites with the browser plugin extension enabled.

Exploit

Correção

Allocation of Resources Without Limits

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-770CWE-703

Identificadores relacionados

CVE-2019-5031

Produtos afetados

Foxit Pdf Reader

PT-2019-17417 · Foxit · Foxit Pdf Reader

CVE-2019-5031

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3