Risk | High |
Patch available | YES |
Number of vulnerabilities | 14 |
CVE-ID | N/A |
CWE-ID | CWE-843 CWE-416 CWE-125 CWE-120 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Foxit PDF Reader for Windows (Client/Desktop applications / Office applications); Foxit PDF Editor (formerly Foxit PhantomPDF) (Client/Desktop applications / Office applications) |
Vendor | Foxit Software Inc. |
Security Bulletin
This security bulletin contains information about 14 vulnerabilities.
EUVDB-ID: #VU9131
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a type confusion error. When certain XFA JavaScript functions in a crafted PDF file are executed, the application can forcibly cast a non-CXFA_Node object to CXFA_Node without checking its data type and then use the mismatched CXFA_Node directly.
Successful exploitation of the vulnerability may result in system compromise.
Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.
Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013
https://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9133
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a type confusion error. When certain XFA FormCalc functions in a crafted PDF file are executed, the application can forcibly cast a non-CXFA_Object object to CXFA_Object without checking its data type and then use the mismatched CXFA_Object directly.
Successful exploitation of the vulnerability may result in system compromise.
Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.
Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013
https://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9134
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a use-after-free error when handling Annot objects. A remote attacker can trick the victim into opening a specially crafted Annot object, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.
Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013
https://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9135
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: N/A
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to the application not running in Safe-Reading-Mode. A remote attacker can trick the victim into opening specially crafted input, abuse the _JP2_Codestream_Read_SOT function, trigger an out-of-bounds read and gain access to arbitrary data.
Successful exploitation of the vulnerability results in information disclosure.
Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.
Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013
https://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9136
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: N/A
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to the application not running in Safe-Reading-Mode. A remote attacker can trick the victim into opening specially crafted input, abuse the lrt_jp2_decompress_write_stripe function, trigger an out-of-bounds read and gain access to arbitrary data.
Successful exploitation of the vulnerability results in information disclosure.
Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.
Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013
https://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9137
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: N/A
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an out-of-bounds read when rendering images. A remote attacker can trick the victim into opening a specially crafted image file, abuse the render.image function, trigger an out-of-bounds read and gain access to arbitrary data.
Successful exploitation of the vulnerability results in information disclosure.
Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.
Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013
https://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9138
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: N/A
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to the application not running in Safe-Reading-Mode. A remote attacker can trick the victim into opening a specially crafted PDF file, abuse the GetBitmapWithoutColorKey function, trigger an out-of-bounds read and gain access to arbitrary data.
Successful exploitation of the vulnerability results in information disclosure.
Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.
Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013
https://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9139
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: N/A
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an uninitialized pointer when handling malicious input. A remote attacker can trick the victim into opening a specially crafted abnormal PDF file, abuse the JP2_Format_Decom function, trigger an out-of-bounds read and gain access to arbitrary data.
Successful exploitation of the vulnerability results in information disclosure.
Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.
Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013
https://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9140
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to an inconsistency between XFA nodes and XML nodes after deletion during data binding. A remote attacker can trick the victim into opening specially crafted input, trigger a use-after-free error and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.
Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013
https://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9141
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to the use of a document after it has been freed by closeDoc JavaScript. A remote attacker can trick the victim into opening specially crafted input, trigger a use-after-free error and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.
Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013
https://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9142
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: N/A
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to an invalid length of size_file_name in CDRecord in the ZIP compression data. A remote attacker can trick the victim into opening a specially crafted EPUB file, trigger a buffer overflow and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.
Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013
https://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
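The class of check whose absence the size_file_name weakness above describes, as an added example (not Foxit's code and not part of the original bulletin): the file name length stored in a ZIP central directory record is validated against both the bytes actually present and the destination buffer before any copy. The field offsets follow the public ZIP format specification; the function names, status codes and sample records are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CD_SIG       0x02014b50u /* central directory file header signature */
#define CD_FIXED_LEN 46u         /* fixed-size part preceding the file name */

enum cd_status { CD_OK = 0, CD_TRUNCATED = -1, CD_BAD_SIG = -2,
                 CD_NAME_OVERRUN = -3, CD_NAME_TOO_LONG = -4 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Copy one record's file name into out (NUL-terminated). The stored length
 * is attacker-controlled, so it is checked against the input that is really
 * there and against out_cap before memcpy. */
int cd_read_name(const uint8_t *buf, size_t len, char *out, size_t out_cap,
                 size_t *rec_len)
{
    if (len < CD_FIXED_LEN) return CD_TRUNCATED;
    if (rd32(buf) != CD_SIG) return CD_BAD_SIG;
    size_t name_len = rd16(buf + 28);     /* file name length   */
    size_t extra_len = rd16(buf + 30);    /* extra field length */
    size_t comment_len = rd16(buf + 32);  /* comment length     */
    size_t avail = len - CD_FIXED_LEN;
    if (name_len + extra_len + comment_len > avail) return CD_NAME_OVERRUN;
    if (out_cap == 0 || name_len >= out_cap) return CD_NAME_TOO_LONG;
    memcpy(out, buf + CD_FIXED_LEN, name_len);
    out[name_len] = '\0';
    if (rec_len) *rec_len = CD_FIXED_LEN + name_len + extra_len + comment_len;
    return CD_OK;
}

/* Constructed sample record: the header claims claimed_len name bytes,
 * while only strlen(name) bytes actually follow it. */
size_t cd_build_sample(uint8_t *buf, size_t cap, const char *name,
                       uint16_t claimed_len)
{
    size_t real = strlen(name);
    if (cap < CD_FIXED_LEN + real) return 0;
    memset(buf, 0, CD_FIXED_LEN);
    buf[0] = 0x50; buf[1] = 0x4b; buf[2] = 0x01; buf[3] = 0x02;
    buf[28] = (uint8_t)(claimed_len & 0xff);
    buf[29] = (uint8_t)(claimed_len >> 8);
    memcpy(buf + CD_FIXED_LEN, name, real);
    return CD_FIXED_LEN + real;
}

int main(void)
{
    uint8_t rec[128]; char name[16]; size_t used = 0;
    size_t n = cd_build_sample(rec, sizeof rec, "mimetype", 8);
    printf("honest length: %d\n", cd_read_name(rec, n, name, sizeof name, &used));
    n = cd_build_sample(rec, sizeof rec, "mimetype", 0xFFFF);
    printf("forged length: %d\n", cd_read_name(rec, n, name, sizeof name, &used));
    return 0;
}
```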
EUVDB-ID: #VU9143
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to the use of a discrepant data object during data binding. A remote attacker can trick the victim into opening specially crafted XFA files and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.
Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013
https://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9144
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: N/A
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to incorrect resource loading when the gflags app is enabled. A remote attacker can trick the victim into opening specially crafted input, cause the file type filter to become disordered, trigger an out-of-bounds read and gain access to arbitrary data.
Successful exploitation of the vulnerability results in information disclosure.
Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.
Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013
https://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9145
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: N/A
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to util.printf being called with an incorrect parameter. A remote attacker can trick the victim into opening specially crafted input, trigger an out-of-bounds read and gain access to arbitrary data.
Successful exploitation of the vulnerability results in information disclosure.
Update Foxit Reader to version 9.0.
Update Foxit PhantomPDF to version 8.3.5.
Foxit PDF Reader for Windows: 7.3.0.118 - 8.3.2.25013
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118 - 8.3.2.25013
https://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.