CVE-2019-5031

HIGH

Foxit PDF Reader <9.4.1.16828 - Memory Corruption

Title source: llm

Description

An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn't handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

References (1)

[Exploit, Third Party Advisory] https://talosintelligence.com/vulnerability_reports/TALOS-2019-0793

Scores

CVSS v3 8.8

EPSS 0.0102

EPSS Percentile 77.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-770 CWE-703

Status published

Products (2)

foxitsoftware/phantompdf < 9.4.1.16828

foxitsoftware/reader < 9.4.1.16828

Published Oct 02, 2019

Tracked Since Feb 18, 2026