CVE-2018-3956

Name of the Vulnerable Software and Affected Versions Foxit Software's PDF Reader version 9.1.0.5096

Description The issue is related to the handling of certain XFA element attributes, which can lead to an out-of-bounds read when a specially crafted PDF document is opened. This can result in the disclosure of sensitive memory content, potentially aiding in exploitation when combined with another issue. An attacker must trick the user into opening a malicious file to trigger this problem. Additionally, if the browser plugin extension is enabled, visiting a malicious site can also trigger the issue.

Recommendations For Foxit Software's PDF Reader version 9.1.0.5096, consider disabling the browser plugin extension to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid opening suspicious PDF documents from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.