CVE-2018-14442

CRITICAL

Foxit Reader <9.2 - PhantomPDF <9.2 - Use After Free

Title source: llm

Description

Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs.

Exploits (2)

nomisec WORKING POC 58 stars
by payatu · poc
https://github.com/payatu/CVE-2018-14442
nomisec WRITEUP
by sandi-go · poc
https://github.com/sandi-go/PS-2018-002---CVE-2018-14442

References (1)

Scores

CVSS v3 9.8
EPSS 0.0495
EPSS Percentile 89.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (2)
foxitsoftware/foxit_reader < 9.2
foxitsoftware/phantompdf < 9.2
Published Jul 20, 2018
Tracked Since Feb 18, 2026