CVE-2018-17781

Description

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled.

Risk Information

Base Score: 7.5 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 0.084

Associated Vulnerability

Vulnerability | OS Platform
Multiple vulnerabilities fixed in Foxit PhantomPDF 8.3.8 | Windows
Multiple vulnerabilities fixed in Foxit Reader (9.3.0.10826) | Windows
Multiple vulnerabilities fixed in Foxit Reader Enterprise (9.3.0.10826) | Windows
Multiple vulnerabilities fixed in Foxit PhantomPDF (9.3.0.10826) | Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 8 (ML) 8.0.5 | Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (EXE) 8.0.5 | Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (ML) (EXE) 8.0.5 | Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (ML) (MSI) 8.0.5 | Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (MSI) 8.0.5 | Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF Slim 8.0.5 | Windows

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-311625 | Foxit PhantomPDF 8 (8.3.12.47136)
PATCH-308177 | Foxit Reader (9.3.0.10826)
PATCH-308178 | Foxit Reader Enterprise (9.3.0.10826)
PATCH-308179 | Foxit PhantomPDF (9.3.0.10826)
PATCH-311706 | Foxit PhantomPDF 8 ML (8.3.12.47136)
PATCH-317726 | Foxit PhantomPDF 9 (EXE) (9.7.5.29616)
PATCH-317727 | Foxit PhantomPDF 9 (ML) (EXE) (9.7.5.29616)
PATCH-317728 | Foxit PhantomPDF 9 (ML) (MSI) (9.7.5.29616)
PATCH-317729 | Foxit PhantomPDF 9 (MSI) (9.7.5.29616)
PATCH-306313 | Foxit PhantomPDF (MSI) (8.3.2) (Formerly Foxit PhantomPDF Slim)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234