Vulnerability Details CVE-2016-4065
The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted (1) JPEG, (2) GIF, or (3) BMP image.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.0%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- http://www.zerodayinitiative.com/advisories/ZDI-16-216
- http://www.zerodayinitiative.com/advisories/ZDI-16-217
- http://www.zerodayinitiative.com/advisories/ZDI-16-218
- https://www.foxitsoftware.com/support/security-bulletins.php
- http://www.zerodayinitiative.com/advisories/ZDI-16-216
- http://www.zerodayinitiative.com/advisories/ZDI-16-217
- http://www.zerodayinitiative.com/advisories/ZDI-16-218
- https://www.foxitsoftware.com/support/security-bulletins.php
Products affected by CVE-2016-4065
-
cpe:2.3:a:foxitsoftware:foxit_reader:7.3.0.118
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.0.118