Foxit Reader < 7.3.4 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 9468

Synopsis

The remote host has been observed running a version of Foxit Reader that is subject to multiple attack vectors.

Description

Versions of Foxit Reader prior to 7.3.4 are affected by the following vulnerabilities:

- A use-after-free error exists that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
- A use-after-free condition exists that is triggered when handling FlateDecode streams. With a specially crafted PDF file, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.
- A use-after-free condition exists that is triggered when handling object revision numbers. With a specially crafted PDF file, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.
- An out-of-bounds read flaw exists that is triggered when decoding GIF images during PDF conversion. This may allow a context-dependent attacker to disclose sensitive memory contents.
- A use-after-free condition exists that is triggered during the handling of XFA re-layouts. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
- A use-after-free condition exists related to the TimeOut function. With a specially crafted PDF file, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.
- A use-after-free condition exists that is triggered when handling JavaScript API calls while closing a document. With a specially crafted PDF file, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.
- A flaw exists that is triggered during the parsing of content streams. This may allow a context-dependent attacker to crash the process.
- A flaw exists that is triggered when recursively triggering PDF format errors. This may allow a context-dependent attacker to cause the application to stop responding.
- An out-of-bounds read flaw exists that is triggered when decoding JPEG images during PDF conversion. This may allow a context-dependent attacker to disclose sensitive memory contents.
- An out-of-bounds read flaw exists that is triggered when decoding BMP images during PDF conversion. This may allow a context-dependent attacker to disclose sensitive memory contents.

Solution

Upgrade Foxit Reader to version 7.3.4 or later.

See Also

https://www.foxitsoftware.com/support/security-bulletins.php#content-2016

Plugin Details

Severity: Critical

ID: 9468

Family: CGI

Published: 8/5/2016

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:foxitsoftware:reader

Patch Publication Date: 3/16/2016

Vulnerability Publication Date: 3/16/2016

Reference Information

CVE: CVE-2016-4059, CVE-2016-4060, CVE-2016-4061, CVE-2016-4062, CVE-2016-4063, CVE-2016-4064, CVE-2016-4065