Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Foxit Reader < 8.0 Multiple Vulnerabilities

High

Synopsis

The remote host has been observed running a version of Foxit Reader that is subject to multiple attack vectors.

Description

Versions of Foxit Reader prior or equal to 7.3.4 are affected by the following vulnerbilities :

- An overflow condition exists that is triggered as user-supplied input is not properly validated when handling 'GoToR' actions. With a specially crafted PDF file, a context-dependent attacker can cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code. (OSVDB 140725) - An overflow condition exists in the 'ConvertToPDF' plugin that is triggered as user-supplied input is not properly validated when handling 'SamplesPerPixel' values in TIFF images. With a specially crafted TIFF image, a context-dependent attacker can cause a heap-based buffer overflow, potentially allowing the execution of arbitrary code. (OSVDB 140726) - A use-after-free error that is triggered when handling image descriptions. With a specially crafted PDF file, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (OSVDB 140727) - An overflow condition exists that is triggered as user-supplied input is not properly validated when handling bezier data. With a specially crafted PDF file, a context-dependent attacker can cause a heap-based buffer overflow, potentially allowing the execution of arbitrary code. (OSVDB 140728) - An unspecified out-of-bounds access flaw exists that is triggered as certain input is not properly validated. With a specially crafted PDF file, a context-dependent attacker can potentially execute arbitrary code. (OSVDB 140729) - A flaw exists related to an uninitialized pointer being dereferenced when handling stretched images. With a specially crafted PDF file, a context-dependent attacker can potentially execute arbitrary code. (OSVDB 140730) - An out-of-bounds read flaw exists in the 'ConvertToPDF' plugin that is triggered when converting BMP images. This may allow a context-dependent attacker to disclose arbitrary memory content. (OSVDB 140737) - An out-of-bounds write flaw exists in the 'ConvertToPDF' plugin that is triggered when converting BMP images. This may allow a context-dependent attacker to potentially execute arbitrary code. (OSVDB 140739) - An out-of-bounds write flaw exists in the 'ConvertToPDF' plugin that is triggered when converting GIF images. This may allow a context-dependent attacker to potentially execute arbitrary code. (OSVDB 140740) - An out-of-bounds read flaw exists that is triggered when handling color components in JPEG images. This may allow a context-dependent attacker to disclose arbitrary memory content. (OSVDB 140741) - An out-of-bounds read flaw exists in the 'ConvertToPDF' plugin that is triggered when converting JPEG images with specially crafted EXIF data. This may allow a context-dependent attacker to disclose arbitrary memory content. (OSVDB 140742) - A flaw exists that is triggered as paths to 'exportData' are not properly checked. This may allow a context-dependent attacker to potentially execute arbitrary code. (OSVDB 140743) - A flaw exists that is triggered during the handling of SWF files embedded inside PDF files. This may allow a context-dependent attacker to bypass safe mode. (OSVDB 140744) - A use-after-free error is triggered when handling 'FlateDecode'. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 141187) - A use-after-free error is triggered when handling the layout direction of XFA files. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 141188)

Solution

Upgrade Foxit Reader to version 8.0.0 or later.