CVE-2015-2790

Published: Mar 30, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image.

Affected (3)

Products: Foxitsoftware: Enterprise Reader, Foxit Reader, Phantompdf

3 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Foxitsoftware Enterprise Reader	Up to 7.0.6.1126
Foxitsoftware Foxit Reader	Up to 7.0.6.1126
Foxitsoftware Phantompdf	Up to 7.0.6.1126

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (22)

http://protekresearchlab.com/PRL-2015-02/

Source: cve@mitre.org

Exploit

http://protekresearchlab.com/prl-2015-01prl-foxit-products-gif-conversion-memory-corruption-vulnerabilities-lzwminimumcodesize/

Source: cve@mitre.org

Exploit

http://securitytracker.com/id/1031878

Source: cve@mitre.org

http://www.exploit-db.com/exploits/36334

Source: cve@mitre.org

Exploit

http://www.exploit-db.com/exploits/36335

Source: cve@mitre.org

Exploit

http://www.foxitsoftware.com/support/security_bulletins.php#FRD-23

Source: cve@mitre.org

http://www.foxitsoftware.com/support/security_bulletins.php#FRD-24

Source: cve@mitre.org

http://www.osvdb.org/119302

Source: cve@mitre.org

http://www.osvdb.org/119303

Source: cve@mitre.org

http://www.securityfocus.com/bid/73430

Source: cve@mitre.org

http://www.securitytracker.com/id/1031877

Source: cve@mitre.org

http://protekresearchlab.com/PRL-2015-02/