CVE-2018-20248

Name of the Vulnerable Software and Affected Versions Foxit Quick PDF Library versions prior to 16.12

Description The issue is related to the implementation of functions LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile, or DAOpenFileReadOnly in the Foxit Quick PDF Library, which can cause an out-of-bounds memory access when processing a malformed xref record in a PDF file. This can allow a remote attacker to gain unauthorized access to sensitive information or cause a denial of service using a specially crafted malicious PDF file.

Recommendations For versions prior to 16.12, update to version 16.12 or later to resolve the issue. As a temporary workaround, consider restricting the use of the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile, or DAOpenFileReadOnly functions until a patch is available.