CVE-2011-1908
Foxit Reader < 4.0 - Remote Code Execution via Crafted Type 1 Font
Integer overflow in the Type 1 font decoder in the FreeType engine in Foxit Reader before 4.0.0.0619 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font in a PDF document.
References (4)
Core References
http://www.securityfocus.com/bid/48359 [Third Party Advisory, VDB Entry; vdb-entry, x_refsource_bid]
http://www.microsoft.com/technet/security/advisory/msvr11-005.mspx [Third Party Advisory; x_refsource_misc]
https://exchange.xforce.ibmcloud.com/vulnerabilities/68145 [Third Party Advisory, VDB Entry; vdb-entry, x_refsource_xf]
http://www.foxitsoftware.com/products/reader/security_bulletins.php#freetype [Patch, Vendor Advisory; x_refsource_confirm]
Scores
EPSS: 0.0073
EPSS Percentile: 73.0%
Details
CWE: CWE-189
Status: published
Products (12)
foxitsoftware/foxit_reader 2.0
foxitsoftware/foxit_reader 2.2
foxitsoftware/foxit_reader 2.3
foxitsoftware/foxit_reader 3.0
foxitsoftware/foxit_reader 3.1
foxitsoftware/foxit_reader 3.1.1
foxitsoftware/foxit_reader 3.1.3
foxitsoftware/foxit_reader 3.1.4
foxitsoftware/foxit_reader 3.2
foxitsoftware/foxit_reader 3.2.1
... and 2 more
Published: Jun 24, 2011
Tracked Since: Feb 18, 2026