CVE-2018-17781

HIGH

Foxit PhantomPDF <9.3 - Info Disclosure

Title source: llm
STIX 2.1

Description

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.foxitsoftware.com/support/security-bulletins.php
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1041769

Scores

CVSS v3 7.5
EPSS 0.0008
EPSS Percentile 23.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
foxitsoftware/phantompdf < 9.2.0.9297
foxitsoftware/reader < 9.2.0.9297
Published Sep 29, 2018
Tracked Since Feb 18, 2026