Description
An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn't handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0793
Scores
CVSS v3
8.8
EPSS
0.0604
EPSS Percentile
92.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-770
CWE-703
Status
published
Products (2)
foxitsoftware/phantompdf
< 9.4.1.16828
foxitsoftware/reader
< 9.4.1.16828
Published
Oct 02, 2019
Tracked Since
Feb 18, 2026