CVE-2016-8334

MEDIUM

Foxit PDF Reader - Info Disclosure

Title source: llm

Description

A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR.

References (2)

[Technical Description, Third Party Advisory] http://www.talosintelligence.com/reports/TALOS-2016-0201/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/93799

Scores

CVSS v3 6.8

EPSS 0.1346

EPSS Percentile 94.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H

Classification

CWE

CWE-125

Status published

Affected Products (2)

foxitsoftware/reader

Foxit Software/Foxit Reader < 8.0.2.805

Timeline

Published Jan 06, 2017

Tracked Since Feb 18, 2026