Vulnerability CVE-2017-17557


Published: 2018-04-24

Description:
In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap-based buffer overflow. An attacker can leverage this to execute code in the context of the current process.

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Foxitsoftware
Product: PhantomPDF
Version:
9.0.1
9.0
8.3.6
8.3.5
8.3.2
8.3.1
8.3
8.2.1
8.2
8.1.1
8.1
8.0.2
8.0
7.3.9
7.3.4
7.3.17
7.3.15
7.3.13
7.3.11
7.3.0.118
7.3
7.2.2
7.2.0.722
7.2
7.1.5
7.1.3.320
7.1
7.0.6.1126
7.0.6
7.0
6.2.1
6.2
6.1.2
6.1
6.0.7
6.0.5
6.0
5.4.3
5.4.2
5.4
5.2.1
5.2
5.1.2
5.1
5.0.3
5.0.2
See more versions on NVD
Product: Foxit Reader
Version:
9.0.1
9.0
8.3.2
8.3.1
8.3
8.2.1
8.2
8.1.4
8.1.1
8.1
8.0.2
8.0
7.3.4
7.3.0.118
7.3
7.2.8
7.2.2
7.2.0.722
7.2
7.1.5
7.1
7.0.6.1126
7.0.6
7.0
6.2.1
6.2
6.1.4
6.1.2
6.1
6.0.5
6.0.3
6.0
5.4.5
5.4.3
5.4
5.3.1.0606
5.3.1
5.3
5.1.4.0104
5.1.3
5.1.0.1021
5.1
5.0.2.0718
5.0.2
5.0
4.3.1.0218
4.3
4.2
4.1.1.0805
4.1.1
4.1
4.0.0.0619
4.0
3.3.1
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
http://www.securityfocus.com/bid/103999
http://www.securitytracker.com/id/1040733
https://blog.0patch.com/2018/05/0patching-foxit-reader-buffer-oops.html
https://www.foxitsoftware.com/support/security-bulletins.php

Related CVE
CVE-2019-5007
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing.
CVE-2019-5006
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is a NULL pointer dereference during PDF parsing.
CVE-2019-5005
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. They allowed Denial of Service (application crash) via image data, because two bytes are written to the end of the allocated memory without judging whether this will cause ...
CVE-2018-19390
FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via TIFF data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification ...
CVE-2018-19389
FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via BMP data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification i...
CVE-2018-19388
FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a ConvertToPDF_x86!ReleaseFXURLToHtml issue.
CVE-2018-19348
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from ...
CVE-2018-19347
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from ...

Copyright 2019, cxsecurity.com
