In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to execute code in the context of the current process.
References
Link | Resource |
---|---|
https://www.foxitsoftware.com/support/security-bulletins.php | Vendor Advisory |
http://www.securitytracker.com/id/1040733 | Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/103999 | Third Party Advisory VDB Entry |
https://blog.0patch.com/2018/05/0patching-foxit-reader-buffer-oops.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2018-04-24 13:29
Updated : 2018-06-05 07:33
NVD link : CVE-2017-17557
Mitre link : CVE-2017-17557
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
foxitsoftware
- foxit_reader
- phantompdf