PT-2016-5834 · Microsoft+1 · Gflags+3

Abdulaziz Hariri

·

Published

2016-03-23

·

Updated

2016-11-08

·

CVE-2016-4065

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Foxit Reader and PhantomPDF versions prior to 7.3.4

Description

The issue allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted image, including JPEG, GIF, or BMP formats. This occurs when the gflags app is enabled.

Recommendations

For Foxit Reader and PhantomPDF versions prior to 7.3.4, update to version 7.3.4 or later to resolve the issue. As a temporary workaround, consider disabling the ConvertToPDF plugin until a patch is available. Restrict access to the ConvertToPDF functionality to minimize the risk of exploitation. Avoid using the ConvertToPDF plugin with untrusted image files, including JPEG, GIF, and BMP formats, until the issue is resolved.

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2016-4065
ZDI-16-216
ZDI-16-217
ZDI-16-218

Affected Products

ConvertToPDF
Foxit Reader
PhantomPDF
Gflags