PT-2019-17417 · Foxit · Foxit Pdf Reader

Published

2019-09-29

Updated

2022-06-07

CVE-2019-5031

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Foxit PDF Reader version 9.4.1.16828

Description A memory corruption issue exists in the JavaScript engine, allowing arbitrary code execution through a specially crafted PDF document that triggers an out-of-memory condition. An attacker must trick the user into opening the malicious file. If the browser plugin extension is enabled, visiting a malicious site can also trigger the issue.

Recommendations For Foxit PDF Reader version 9.4.1.16828, consider disabling the JavaScript engine as a temporary workaround until a patch is available. Restrict access to malicious PDF documents and avoid visiting untrusted websites with the browser plugin extension enabled.

Exploit

Fix

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770CWE-703

Related Identifiers

CVE-2019-5031

Affected Products

Foxit Pdf Reader

PT-2019-17417 · Foxit · Foxit Pdf Reader

CVE-2019-5031

Weakness Enumeration

Related Identifiers

Affected Products

References · 3