NULL pointer dereference in Foxit Reader for Linux

Published: 2018-09-19 | Updated: 2018-09-30

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	N/A
CWE-ID	CWE-476
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Foxit Reader for Linux Client/Desktop applications / Office applications
Vendor	Foxit Software Inc.

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) NULL pointer dereference

EUVDB-ID: #VU14925

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: N/A

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger NULL pointer dereference error and crash the affected application.

Mitigation

Update to version 2.4.4.

Vulnerable software versions

Foxit Reader for Linux: 2.1 - 2.4.1.0609

CPE2.3

External links

https://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.