4.3

CVE-2015-2790

Exploit
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FoxitsoftwareEnterprise Reader Version <= 7.0.6.1126
FoxitsoftwareFoxit Reader Version <= 7.0.6.1126
FoxitsoftwarePhantompdf Version <= 7.0.6.1126
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 24.68% 0.976
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://protekresearchlab.com/PRL-2015-02/
Exploit
http://protekresearchlab.com/prl-2015-01prl-foxit-products-gif-conversion-memory-corruption-vulnerabilities-lzwminimumcodesize/
Exploit
http://securitytracker.com/id/1031878
http://www.exploit-db.com/exploits/36334
Exploit
http://www.exploit-db.com/exploits/36335
Exploit
http://www.foxitsoftware.com/support/security_bulletins.php#FRD-23
http://www.foxitsoftware.com/support/security_bulletins.php#FRD-24
http://www.osvdb.org/119302
http://www.osvdb.org/119303
http://www.securityfocus.com/bid/73430
http://www.securitytracker.com/id/1031877