Skip to main content

Foxit Reader CVE-2018-18933

CRITICAL
Out-of-bounds Read (CWE-125)
2018-11-05 cve@mitre.org
9.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 05, 2018 - 09:29 nvd
CRITICAL 9.1

DescriptionNVD

The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader!safe_vsnprintf+0x00000000002c4330" issue.

AnalysisAI

The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader!safe_vsnprintf+0x00000000002c4330" issue. Affected products include: Foxitsoftware Foxit Reader, Foxitsoftware U3D.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2015-2790 MEDIUM POC
4.3 Mar 30

Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory c

CVE-2018-9958 HIGH POC
8.8 May 17

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1

CVE-2017-10952 HIGH POC
8.8 Aug 29

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2

CVE-2018-9948 MEDIUM POC
6.5 May 17

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader

CVE-2023-40194 HIGH POC
8.8 Nov 27

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due

CVE-2023-39542 HIGH POC
8.8 Nov 27

A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. Rated high severity (CV

CVE-2023-38573 HIGH POC
8.8 Nov 27

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. Rated high severit

CVE-2023-35985 HIGH POC
8.8 Nov 27

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due

CVE-2023-32616 HIGH POC
8.8 Nov 27

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. Rated high severity (

CVE-2021-21822 HIGH POC
8.8 May 10

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. Rat

CVE-2020-13547 HIGH POC
8.8 Dec 22

A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.3752

CVE-2020-13570 HIGH POC
8.8 Dec 22

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. Rat

Share

CVE-2018-18933 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy