Detections
Analytics

Foxit PhantomPDF < 3.4 DoS (macOS)

medium Nessus Plugin ID 139456

Language:

Synopsis

The remote macOS host is affected by a DoS vulnerability.

Description

The version of Foxit PhantomPDF installed on the remote macOS host is prior to 3.4. It is, therefore, affected by a denial of service (DoS) vulnerability due to a null pointer dereference.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Foxit PhantomPDF version 3.4 or later.

See Also

http://www.nessus.org/u?a27a3e57

Plugin Details

Severity: Medium

ID: 139456

File Name: macos_foxit_phantompdf_3_4.nasl

Version: 1.1

Type: local

Agent: macosx

Published: 8/10/2020

Updated: 8/10/2020

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Based on vendor advisory analysis

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Vulnerability Information

CPE: cpe:/a:foxitsoftware:phantompdf

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, installed_sw/Foxit PhantomPDF

Patch Publication Date: 10/15/2019

Vulnerability Publication Date: 10/15/2019