Home

CVE-2018-10303

Description

A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.594

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Foxit PhantomPDF 8 (ML) 9.0.1.31049Windows
Multiple vulnerabilities affected in Foxit PhantomPDF 9 (EXE) 9.0.1.31049Windows
Multiple vulnerabilities affected in Foxit PhantomPDF 9 (ML) (EXE) 9.0.1.31049Windows
Multiple vulnerabilities affected in Foxit PhantomPDF 9 (ML) (MSI) 9.0.1.31049Windows
Multiple vulnerabilities affected in Foxit PhantomPDF 9 (MSI) 9.0.1.31049Windows
Multiple vulnerabilities affected in Foxit PhantomPDF Slim 9.0.1.31049Windows
Multiple vulnerabilities affected in Foxit Reader 9.0.1.1049Windows
Multiple vulnerabilities affected in Foxit Reader Enterprise 9.0.1.1049Windows
Multiple Vulnerabilities are affected in Foxit Reader 9.0.1.1049Windows
Multiple Vulnerabilities are affected in Foxit Reader Enterprise 9.0.1.1049Windows
Multiple vulnerabilities are fixed in Foxit Reader (9.2.0.9297)Windows
Multiple vulnerabilities are fixed in Foxit Reader Enterprise (9.2.0.9297)Windows
Multiple vulnerabilities are fixed in Foxit PhantomPDF 10 (EXE) 9.2Windows
Multiple vulnerabilities are fixed in Foxit PhantomPDF 10 (EXE) 8.3.6Windows
Multiple vulnerabilities are fixed in Foxit PhantomPDF 10 (MSI) 9.2Windows
Multiple vulnerabilities are fixed in Foxit PhantomPDF 10 (MSI) 8.3.6Windows
Multiple vulnerabilities are fixed in Foxit PhantomPDF 10 (ML) (EXE) 9.2Windows
Multiple vulnerabilities are fixed in Foxit PhantomPDF 10 (ML) (EXE) 8.3.6Windows
Multiple vulnerabilities are fixed in Foxit PhantomPDF 10 (ML) (MSI) 9.2Windows
Multiple vulnerabilities are fixed in Foxit PhantomPDF 10 (ML) (MSI) 8.3.6Windows
Multiple vulnerabilities are fixed in Foxit Reader (9.1.0.5096)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-311706Foxit PhantomPDF 8 ML (8.3.12.47136)
PATCH-317726Foxit PhantomPDF 9 (EXE) (9.7.5.29616)
PATCH-317727Foxit PhantomPDF 9 (ML) (EXE) (9.7.5.29616)
PATCH-317728Foxit PhantomPDF 9 (ML) (MSI) (9.7.5.29616)
PATCH-317729Foxit PhantomPDF 9 (MSI) (9.7.5.29616)
PATCH-306313Foxit PhantomPDF (MSI) (8.3.2) (Formerly Foxit PhantomPDF Slim)
PATCH-341796Foxit Reader (2024.3.0.26795)
PATCH-341798Foxit PDF Reader (MSI) (2024.3.0.26795) (Formerly Foxit Reader Enterprise)
PATCH-341796Foxit Reader (2024.3.0.26795)
PATCH-341798Foxit PDF Reader (MSI) (2024.3.0.26795) (Formerly Foxit Reader Enterprise)
PATCH-341796Foxit Reader (2024.3.0.26795)
PATCH-341798Foxit PDF Reader (MSI) (2024.3.0.26795) (Formerly Foxit Reader Enterprise)
PATCH-331212Foxit PhantomPDF 10 (EXE) (10.1.12.37872)
PATCH-331212Foxit PhantomPDF 10 (EXE) (10.1.12.37872)
PATCH-331215Foxit PhantomPDF 10 (MSI) (10.1.12.37872)
PATCH-331215Foxit PhantomPDF 10 (MSI) (10.1.12.37872)
PATCH-331213Foxit PhantomPDF 10 (ML) (EXE) (10.1.12.37872)
PATCH-331213Foxit PhantomPDF 10 (ML) (EXE) (10.1.12.37872)
PATCH-331214Foxit PhantomPDF 10 (ML) (MSI) (10.1.12.37872)
PATCH-331214Foxit PhantomPDF 10 (ML) (MSI) (10.1.12.37872)
PATCH-347386Foxit Reader (2025.1.0.27937)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234