SB2021101204 - Multiple vulnerabilities in Foxit PDF Reader and Foxit PDF Editor

Published: October 12, 2021

Security Bulletin ID: SB2021101204
Severity: High
Patch available: YES
Number of vulnerabilities: 18
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 50%, Medium: 17%, Low: 33%

Description

This security bulletin contains information about 18 security vulnerabilities.


1) NULL pointer dereference (CVE-ID: N/A)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a NULL pointer dereference error and perform a denial of service (DoS) attack.

Details on the vulnerability are not fully disclosed; this issue has been assigned the following identifiers: CNVD-C-2021-205496, CNVD-C-2021-205515, CNVD-C-2021-205541.


2) Memory corruption (CVE-ID: CVE-2021-41780)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


3) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2021-40326)

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient verification of digital signatures in PDF files. A remote attacker can display arbitrary content in the signed PDF file.
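A defender-side triage check that goes with this item, added here as an example and not taken from the bulletin or from Foxit's code: a PDF signature covers only the byte ranges listed in its /ByteRange array, so one way altered content can end up "inside" a signed file is data appended after the signed range (an incremental update) or a /ByteRange that leaves more than the signature itself unsigned. The script below locates the last /ByteRange, checks that the signed ranges start at byte 0, that the unsigned gap is exactly the hex /Contents string, and reports any trailing bytes. It is an assumption on my part that this class of inconsistency is what a verifier should look for here; the bulletin gives no details of the Foxit flaw. The sample PDF is constructed in `build_sample` and carries no real signature.

```python
import re

# Matches the four integers of a /ByteRange array: [offset1 length1 offset2 length2]
BYTERANGE_RE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
# The gap between the two signed ranges should contain only the /Contents hex string
GAP_RE = re.compile(rb"<[0-9A-Fa-f\s]*>")


def check_signature_coverage(pdf: bytes) -> dict:
    """Coarse triage of a signed PDF: does the last /ByteRange cover the whole file?

    Keys of the returned dict:
      signed            - a /ByteRange was found at all
      starts_at_zero    - the first signed range begins at byte 0
      gap_ok            - the unsigned gap is exactly a hex string (the signature blob)
      trailing_bytes    - bytes after the signed range (e.g. an incremental update)
      covers_whole_file - all of the above hold and trailing_bytes == 0
    """
    matches = list(BYTERANGE_RE.finditer(pdf))
    if not matches:
        return {"signed": False, "starts_at_zero": False, "gap_ok": False,
                "trailing_bytes": 0, "covers_whole_file": False}
    off1, len1, off2, len2 = (int(g) for g in matches[-1].groups())
    signed_end = off2 + len2
    ranges_sane = off1 + len1 <= off2 and signed_end <= len(pdf)
    gap = pdf[off1 + len1:off2] if ranges_sane else b""
    gap_ok = ranges_sane and GAP_RE.fullmatch(gap) is not None
    trailing = max(len(pdf) - signed_end, 0)
    starts_at_zero = off1 == 0
    return {
        "signed": True,
        "starts_at_zero": starts_at_zero,
        "gap_ok": gap_ok,
        "trailing_bytes": trailing,
        "covers_whole_file": starts_at_zero and gap_ok and ranges_sane and trailing == 0,
    }


def build_sample(appended: bytes = b"") -> bytes:
    """Constructed toy 'signed' PDF (no real signature): the /ByteRange is computed
    so the two signed ranges cover everything except the /Contents hex string.
    `appended` simulates an incremental update written after signing."""
    contents = b"<" + b"00" * 16 + b">"
    placeholder = b"/ByteRange [0000000000 0000000000 0000000000 0000000000]"
    head = b"%PDF-1.7\n1 0 obj << /Type /Sig " + placeholder + b" /Contents "
    tail = b" >> endobj\ntrailer << /Root 1 0 R >>\n%%EOF\n"
    off1, len1 = 0, len(head)
    off2, len2 = len(head) + len(contents), len(tail)
    byte_range = b"/ByteRange [%010d %010d %010d %010d]" % (off1, len1, off2, len2)
    assert len(byte_range) == len(placeholder)  # offsets stay valid after substitution
    return head.replace(placeholder, byte_range) + contents + tail + appended


if __name__ == "__main__":
    update = b"2 0 obj << /Type /Page >> endobj\ntrailer << /Root 1 0 R /Prev 9 >>\n%%EOF\n"
    print("clean file:   ", check_signature_coverage(build_sample()))
    print("with update:  ", check_signature_coverage(build_sample(update)))
```

Trailing bytes are a signal to inspect, not proof of tampering: a later incremental update may be a permitted form fill or a second signature, so a real verifier also validates the CMS blob and certificate chain and applies the document's modification rules before deciding whether the displayed content is what was signed.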


4) Memory corruption (CVE-ID: CVE-2021-41781)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


5) Memory corruption (CVE-ID: CVE-2021-41784)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


6) Memory corruption (CVE-ID: CVE-2021-41782)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


7) Memory corruption (CVE-ID: CVE-2021-41783)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


8) Memory corruption (CVE-ID: CVE-2021-41785)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


9) Heap-based buffer overflow (CVE-ID: N/A)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing JPEG2000 images in PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

This vulnerability has been assigned the following identifier: ZDI-CAN-14812.


10) Out-of-bounds write (CVE-ID: N/A)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when converting PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into converting it to Microsoft Office format, trigger an out-of-bounds write and execute arbitrary code on the target system.


11) Format string error (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a format string error when the util.printf function fails to handle the format extension properly. A remote attacker can supply a specially crafted PDF file that contains format string specifiers and gain access to sensitive information.

This vulnerability has been assigned the following identifier: ZDI-CAN-14849.


12) Out-of-bounds read (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system or crash the application.

The vulnerability has been assigned the following identifiers: ZDI-CAN-14659, ZDI-CAN-14968.


13) Input validation error (CVE-ID: N/A)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when handling PDF files with illegal dictionary entries or incorrect Outlines. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a stack overflow and crash the application.

The vulnerability has been assigned the following identifier: CNVD-C-2021-247433.
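The Outlines tree of a PDF is a linked structure (/First, /Next, /Parent references), and a reader that walks it recursively can run out of stack on a tree that is cyclic or absurdly deep. The walker below is an added example, not Foxit's code and not derived from the bulletin, of how a parser can refuse such input instead of crashing: it iterates with an explicit stack, visits each reference once so a cycle is reported, and enforces a depth bound (`MAX_OUTLINE_DEPTH` is an assumed value). Outline items are modelled as plain dicts keyed by reference strings; the cyclic and deep trees are constructed in the block. Whether the Foxit stack overflow comes from exactly this pattern is an assumption.

```python
MAX_OUTLINE_DEPTH = 64  # assumed bound; a real reader picks its own limit


class OutlineError(ValueError):
    """Raised for an outline tree the reader should refuse rather than recurse into."""


def walk_outlines(objects: dict, root_ref: str, max_depth: int = MAX_OUTLINE_DEPTH) -> list:
    """Return (depth, title) pairs in document order.

    `objects` maps an indirect reference string such as "2 0 R" to a dict of the
    outline item's entries (/Title, /First, /Next). The walk uses an explicit
    stack, so a malformed tree cannot exhaust the call stack, and every reference
    is visited at most once, so a cycle raises OutlineError instead of looping.
    """
    root = objects.get(root_ref)
    if not isinstance(root, dict):
        return []
    result = []
    visited = {root_ref}
    stack = [(root.get("/First"), 1)]
    while stack:
        ref, depth = stack.pop()
        if ref is None:
            continue
        if ref in visited:
            raise OutlineError(f"cycle in outline tree at {ref}")
        if depth > max_depth:
            raise OutlineError(f"outline nesting deeper than {max_depth} at {ref}")
        visited.add(ref)
        item = objects.get(ref)
        if not isinstance(item, dict):
            continue  # dangling or non-dictionary entry: skip rather than crash
        result.append((depth, str(item.get("/Title", ""))))
        # Push the sibling first so the child subtree is emitted before it (pre-order)
        stack.append((item.get("/Next"), depth))
        stack.append((item.get("/First"), depth + 1))
    return result


# Constructed well-formed tree: two chapters, the first with one section.
SAMPLE_OK = {
    "1 0 R": {"/Type": "/Outlines", "/First": "2 0 R"},
    "2 0 R": {"/Title": "Chapter 1", "/First": "3 0 R", "/Next": "4 0 R"},
    "3 0 R": {"/Title": "Section 1.1"},
    "4 0 R": {"/Title": "Chapter 2"},
}

# Constructed malformed tree: the last chapter's /Next points back to the first.
SAMPLE_CYCLE = dict(SAMPLE_OK)
SAMPLE_CYCLE["4 0 R"] = {"/Title": "Chapter 2", "/Next": "2 0 R"}


def deep_chain(n: int) -> dict:
    """Constructed tree of n items where each item is the only child of the previous one."""
    objs = {"1 0 R": {"/Type": "/Outlines", "/First": "2 0 R"}}
    for i in range(2, n + 2):
        item = {"/Title": f"level {i - 1}"}
        if i < n + 1:
            item["/First"] = f"{i + 1} 0 R"
        objs[f"{i} 0 R"] = item
    return objs


if __name__ == "__main__":
    print(walk_outlines(SAMPLE_OK, "1 0 R"))
    for name, tree in (("cycle", SAMPLE_CYCLE), ("deep", deep_chain(100))):
        try:
            walk_outlines(tree, "1 0 R")
        except OutlineError as exc:
            print(f"{name}: refused ({exc})")
```

The same two guards (a visited set and a depth or node budget) apply to any other self-referential PDF structure the reader follows, such as page trees and resource dictionaries.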


14) Stack overflow (CVE-ID: N/A)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when handling JavaScript in PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a stack overflow and crash the application.


15) Out-of-bounds read (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling JavaScript. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system or crash the application.


16) Memory corruption (CVE-ID: N/A)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to multiple boundary errors when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

The vulnerability has been assigned the following identifiers: ZDI-CAN-14273, ZDI-CAN-14395/CNVD-C-2021-247436, ZDI-CAN-14355, ZDI-CAN-14356, ZDI-CAN-14357, ZDI-CAN-14358, ZDI-CAN-14359, ZDI-CAN-14360, ZDI-CAN-14361, ZDI-CAN-14362, ZDI-CAN-14363, ZDI-CAN-14364, ZDI-CAN-14365, ZDI-CAN-14366, ZDI-CAN-14367, ZDI-CAN-14368.


17) Use-after-free (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a use-after-free error during URL path conversion in the browser add-on when processing an inaccessible URL. A remote attacker can trick the victim into opening a specially crafted PDF file in a browser, trigger a use-after-free error and gain access to the NTLM v2 authentication credentials.



18) Input validation error (CVE-ID: N/A)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of the file suffix and file path when handling attachments or submitting forms. A remote attacker can trick the victim into opening a specially crafted PDF file and execute arbitrary code on the system.
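The hardened counterpart of the validation this item describes as insufficient, as an added example that is not Foxit's code and is not derived from the bulletin: before an attachment carried in a document is written to disk, its name is checked for path separators, traversal components, reserved device names and a suffix outside an allow-list, and the resolved destination is confirmed to lie inside the attachment directory. `ATTACHMENT_DIR` and `ALLOWED_SUFFIXES` are assumed policy values, and the file names in the test are constructed.

```python
import os
import re

# Assumed policy values (not from the bulletin): where attachments may be written
# and which suffixes may be saved out of a document.
ATTACHMENT_DIR = "/srv/attachments"
ALLOWED_SUFFIXES = {".pdf", ".txt", ".png", ".jpg", ".csv"}

# Control characters, both path separators and the drive-letter colon.
_BAD_CHARS = re.compile(r"[\x00-\x1f\x7f/\\:]")
# Windows device names that would be opened as devices regardless of suffix.
_RESERVED = ({"con", "prn", "aux", "nul"}
             | {f"com{i}" for i in range(1, 10)}
             | {f"lpt{i}" for i in range(1, 10)})


def validate_attachment_name(name: str) -> str:
    """Return `name` unchanged if it is an acceptable attachment file name, else raise ValueError."""
    if not name or len(name) > 255:
        raise ValueError("empty or over-long name")
    if _BAD_CHARS.search(name):
        raise ValueError("control character, path separator or drive colon in name")
    if name in (".", "..") or name.endswith((".", " ")):
        raise ValueError("dot-only name or trailing dot/space")
    stem, suffix = os.path.splitext(name)
    if stem.lower() in _RESERVED:
        raise ValueError("reserved device name")
    # Only the final suffix decides how the OS opens the file, so it must be on the allow-list
    if suffix.lower() not in ALLOWED_SUFFIXES:
        raise ValueError(f"suffix {suffix!r} not allowed")
    return name


def attachment_target_path(name: str, base_dir: str = ATTACHMENT_DIR) -> str:
    """Resolve where a validated attachment would be written, refusing any escape from base_dir."""
    safe = validate_attachment_name(name)
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, safe))
    # Second, independent check on the resolved path, in case the name check is ever loosened
    if os.path.commonpath([base, target]) != base:
        raise ValueError("resolved path escapes the attachment directory")
    return target


def is_acceptable(name: str) -> bool:
    """True if the attachment name passes every check above."""
    try:
        attachment_target_path(name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample names, including the shapes the checks are meant to refuse
    for sample in ["report.pdf", "invoice.PDF", "payload.pdf.exe", "..\\..\\x.pdf",
                   "a/b.pdf", "notes.pdf.", "CON.txt", "run.exe", ""]:
        print(f"{sample!r:20} -> {'accept' if is_acceptable(sample) else 'reject'}")
```

The allow-list is checked on the last suffix only, because that is what decides how the platform opens the file; a name like `payload.pdf.exe` is therefore rejected even though it contains an allowed suffix.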


Remediation

Install update from vendor's website.