Home

CVE-2016-6168

Description

Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a crafted PDF file.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.347

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2016-6169, CVE-2016-6168 are affected in Foxit Reader 7.3.4.311Windows
Vulnerabilities CVE-2016-6169, CVE-2016-6168 are affected in Foxit PhantomPDF 10 (EXE) 7.3.4.311Windows
Vulnerabilities CVE-2016-6867,CVE-2016-6868,CVE-2016-6168,CVE-2016-6169 are fixed in Foxit PhantomPDF 10 (EXE) 7.3.11Windows
Vulnerabilities CVE-2016-6867,CVE-2016-6868,CVE-2016-6168,CVE-2016-6169 are fixed in Foxit PhantomPDF 10 (MSI) 7.3.11Windows
Vulnerabilities CVE-2016-6867,CVE-2016-6868,CVE-2016-6168,CVE-2016-6169 are fixed in Foxit PhantomPDF 10 (ML) (EXE) 7.3.11Windows
Vulnerabilities CVE-2016-6867,CVE-2016-6868,CVE-2016-6168,CVE-2016-6169 are fixed in Foxit PhantomPDF 10 (ML) (MSI) 7.3.11Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-334489Foxit Reader (2023.3.0.23028)
PATCH-331212Foxit PhantomPDF 10 (EXE) (10.1.12.37872)
PATCH-331212Foxit PhantomPDF 10 (EXE) (10.1.12.37872)
PATCH-331215Foxit PhantomPDF 10 (MSI) (10.1.12.37872)
PATCH-331213Foxit PhantomPDF 10 (ML) (EXE) (10.1.12.37872)
PATCH-331214Foxit PhantomPDF 10 (ML) (MSI) (10.1.12.37872)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234