CVE-2019-5031

Published: Oct 2, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn't handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

Affected (2)

Products: Foxitsoftware: Phantompdf, Reader

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Foxitsoftware Phantompdf	Up to 9.4.1.16828
Foxitsoftware Reader	Up to 9.4.1.16828

Related CWEs

Improper Check or Handling of Exceptional Conditions

The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (2)

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0793

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0793

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.