CVE-2011-0332
Foxit Reader < 4.3.1.0218 and Foxit Phantom < 2.3.3.1112 - Remote Code Execution via ICC Chunk Integer Overflow
Title source: llmDescription
Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom before 2.3.3.1112 allows remote attackers to execute arbitrary code via crafted ICC chunks in a PDF file, which triggers a heap-based buffer overflow.
References (6)
Core 6
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43440
Not Applicable vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0508
Third Party Advisory x_refsource_misc
http://secunia.com/secunia_research/2011-14/
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43329
Patch, Vendor Advisory x_refsource_confirm
http://www.foxitsoftware.com/pdf/reader/security_bulletins.php#memory
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025129
Scores
EPSS
0.0186
EPSS Percentile
83.3%
Details
CWE
CWE-189
Status
published
Products (23)
foxitsoftware/foxit_phantom
1.0.2
foxitsoftware/foxit_phantom
2.0
foxitsoftware/foxit_phantom
2.1
foxitsoftware/foxit_phantom
2.1.1
foxitsoftware/foxit_phantom
2.2
foxitsoftware/foxit_phantom
2.2.1
foxitsoftware/foxit_phantom
2.2.3
foxitsoftware/foxit_phantom
2.2.4
foxitsoftware/foxit_phantom
< 2.3
foxitsoftware/foxit_reader
2.0
... and 13 more
Published
Feb 25, 2011
Tracked Since
Feb 18, 2026