Vulnerability Details CVE-2017-17557
In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to execute code in the context of the current process.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.3
EPSS Ranking 96.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- http://www.securityfocus.com/bid/103999
- http://www.securitytracker.com/id/1040733
- https://blog.0patch.com/2018/05/0patching-foxit-reader-buffer-oops.html
- https://www.foxitsoftware.com/support/security-bulletins.php
- http://www.securityfocus.com/bid/103999
- http://www.securitytracker.com/id/1040733
- https://blog.0patch.com/2018/05/0patching-foxit-reader-buffer-oops.html
- https://www.foxitsoftware.com/support/security-bulletins.php
Products affected by CVE-2017-17557
-
cpe:2.3:a:foxitsoftware:foxit_reader:2.0
-
cpe:2.3:a:foxitsoftware:foxit_reader:2.2
-
cpe:2.3:a:foxitsoftware:foxit_reader:2.3
-
cpe:2.3:a:foxitsoftware:foxit_reader:3.0
-
cpe:2.3:a:foxitsoftware:foxit_reader:3.1
-
cpe:2.3:a:foxitsoftware:foxit_reader:3.1.0.0111
-
cpe:2.3:a:foxitsoftware:foxit_reader:3.1.0.0824
-
cpe:2.3:a:foxitsoftware:foxit_reader:3.1.1.0901
-
cpe:2.3:a:foxitsoftware:foxit_reader:3.1.2.1013
-
cpe:2.3:a:foxitsoftware:foxit_reader:3.1.2.1030
-
cpe:2.3:a:foxitsoftware:foxit_reader:3.1.4
-
cpe:2.3:a:foxitsoftware:foxit_reader:3.1.4.1125
-
cpe:2.3:a:foxitsoftware:foxit_reader:3.2
-
cpe:2.3:a:foxitsoftware:foxit_reader:3.2.0.0303
-
cpe:2.3:a:foxitsoftware:foxit_reader:3.2.1.0401
-
cpe:2.3:a:foxitsoftware:foxit_reader:3.3
-
cpe:2.3:a:foxitsoftware:foxit_reader:3.3.0.0430
-
cpe:2.3:a:foxitsoftware:foxit_reader:3.3.1
-
cpe:2.3:a:foxitsoftware:foxit_reader:3.3.1.0520
-
cpe:2.3:a:foxitsoftware:foxit_reader:4.0
-
cpe:2.3:a:foxitsoftware:foxit_reader:4.0.0.0619
-
cpe:2.3:a:foxitsoftware:foxit_reader:4.1
-
cpe:2.3:a:foxitsoftware:foxit_reader:4.1.0.0726
-
cpe:2.3:a:foxitsoftware:foxit_reader:4.1.1
-
cpe:2.3:a:foxitsoftware:foxit_reader:4.1.1.0805
-
cpe:2.3:a:foxitsoftware:foxit_reader:4.2
-
cpe:2.3:a:foxitsoftware:foxit_reader:4.2.0.0928
-
cpe:2.3:a:foxitsoftware:foxit_reader:4.3
-
cpe:2.3:a:foxitsoftware:foxit_reader:4.3.0.1110
-
cpe:2.3:a:foxitsoftware:foxit_reader:4.3.1.0218
-
cpe:2.3:a:foxitsoftware:foxit_reader:5.0
-
cpe:2.3:a:foxitsoftware:foxit_reader:5.0.1.0523
-
cpe:2.3:a:foxitsoftware:foxit_reader:5.0.2
-
cpe:2.3:a:foxitsoftware:foxit_reader:5.0.2.0718
-
cpe:2.3:a:foxitsoftware:foxit_reader:5.1
-
cpe:2.3:a:foxitsoftware:foxit_reader:5.1.0.1021
-
cpe:2.3:a:foxitsoftware:foxit_reader:5.1.3
-
cpe:2.3:a:foxitsoftware:foxit_reader:5.1.3.1201
-
cpe:2.3:a:foxitsoftware:foxit_reader:5.1.4.0104
-
cpe:2.3:a:foxitsoftware:foxit_reader:5.3
-
cpe:2.3:a:foxitsoftware:foxit_reader:5.3.0.0423
-
cpe:2.3:a:foxitsoftware:foxit_reader:5.3.1
-
cpe:2.3:a:foxitsoftware:foxit_reader:5.3.1.0606
-
cpe:2.3:a:foxitsoftware:foxit_reader:5.4
-
cpe:2.3:a:foxitsoftware:foxit_reader:5.4.2.0901
-
cpe:2.3:a:foxitsoftware:foxit_reader:5.4.3
-
cpe:2.3:a:foxitsoftware:foxit_reader:5.4.3.0920
-
cpe:2.3:a:foxitsoftware:foxit_reader:5.4.5
-
cpe:2.3:a:foxitsoftware:foxit_reader:5.4.5.0114
-
cpe:2.3:a:foxitsoftware:foxit_reader:6.0
-
cpe:2.3:a:foxitsoftware:foxit_reader:6.0.2.0413
-
cpe:2.3:a:foxitsoftware:foxit_reader:6.0.3
-
cpe:2.3:a:foxitsoftware:foxit_reader:6.0.3.0524
-
cpe:2.3:a:foxitsoftware:foxit_reader:6.0.5
-
cpe:2.3:a:foxitsoftware:foxit_reader:6.0.5.0618
-
cpe:2.3:a:foxitsoftware:foxit_reader:6.1
-
cpe:2.3:a:foxitsoftware:foxit_reader:6.1.1.1031
-
cpe:2.3:a:foxitsoftware:foxit_reader:6.1.2
-
cpe:2.3:a:foxitsoftware:foxit_reader:6.1.2.1224
-
cpe:2.3:a:foxitsoftware:foxit_reader:6.1.4
-
cpe:2.3:a:foxitsoftware:foxit_reader:6.1.4.0217
-
cpe:2.3:a:foxitsoftware:foxit_reader:6.2
-
cpe:2.3:a:foxitsoftware:foxit_reader:6.2.0.0429
-
cpe:2.3:a:foxitsoftware:foxit_reader:6.2.1
-
cpe:2.3:a:foxitsoftware:foxit_reader:6.2.1.0618
-
cpe:2.3:a:foxitsoftware:foxit_reader:7.0
-
cpe:2.3:a:foxitsoftware:foxit_reader:7.0.3.916
-
cpe:2.3:a:foxitsoftware:foxit_reader:7.0.6
-
cpe:2.3:a:foxitsoftware:foxit_reader:7.0.6.1126
-
cpe:2.3:a:foxitsoftware:foxit_reader:7.1
-
cpe:2.3:a:foxitsoftware:foxit_reader:7.1.0.306
-
cpe:2.3:a:foxitsoftware:foxit_reader:7.1.5
-
cpe:2.3:a:foxitsoftware:foxit_reader:7.1.5.425
-
cpe:2.3:a:foxitsoftware:foxit_reader:7.2
-
cpe:2.3:a:foxitsoftware:foxit_reader:7.2.0.722
-
cpe:2.3:a:foxitsoftware:foxit_reader:7.2.2
-
cpe:2.3:a:foxitsoftware:foxit_reader:7.2.2.0929
-
cpe:2.3:a:foxitsoftware:foxit_reader:7.2.8
-
cpe:2.3:a:foxitsoftware:foxit_reader:7.2.8.1124
-
cpe:2.3:a:foxitsoftware:foxit_reader:7.3
-
cpe:2.3:a:foxitsoftware:foxit_reader:7.3.0.118
-
cpe:2.3:a:foxitsoftware:foxit_reader:7.3.4
-
cpe:2.3:a:foxitsoftware:foxit_reader:7.3.4.311
-
cpe:2.3:a:foxitsoftware:foxit_reader:8.0
-
cpe:2.3:a:foxitsoftware:foxit_reader:8.0.0.624
-
cpe:2.3:a:foxitsoftware:foxit_reader:8.0.2
-
cpe:2.3:a:foxitsoftware:foxit_reader:8.0.2.805
-
cpe:2.3:a:foxitsoftware:foxit_reader:8.1
-
cpe:2.3:a:foxitsoftware:foxit_reader:8.1.0.1013
-
cpe:2.3:a:foxitsoftware:foxit_reader:8.1.1
-
cpe:2.3:a:foxitsoftware:foxit_reader:8.1.1.1115
-
cpe:2.3:a:foxitsoftware:foxit_reader:8.1.4
-
cpe:2.3:a:foxitsoftware:foxit_reader:8.1.4.1208
-
cpe:2.3:a:foxitsoftware:foxit_reader:8.2
-
cpe:2.3:a:foxitsoftware:foxit_reader:8.2.0.2051
-
cpe:2.3:a:foxitsoftware:foxit_reader:8.2.1
-
cpe:2.3:a:foxitsoftware:foxit_reader:8.2.1.6871
-
cpe:2.3:a:foxitsoftware:foxit_reader:8.3
-
cpe:2.3:a:foxitsoftware:foxit_reader:8.3.0.14878
-
cpe:2.3:a:foxitsoftware:foxit_reader:8.3.1
-
cpe:2.3:a:foxitsoftware:foxit_reader:8.3.1.21155
-
cpe:2.3:a:foxitsoftware:foxit_reader:8.3.2
-
cpe:2.3:a:foxitsoftware:foxit_reader:8.3.2.25013
-
cpe:2.3:a:foxitsoftware:foxit_reader:9.0
-
cpe:2.3:a:foxitsoftware:foxit_reader:9.0.0.29935
-
cpe:2.3:a:foxitsoftware:foxit_reader:9.0.1
-
cpe:2.3:a:foxitsoftware:foxit_reader:9.0.1.104
-
cpe:2.3:a:foxitsoftware:foxit_reader:9.0.1.1049
-
cpe:2.3:a:foxitsoftware:phantompdf:1.0.2
-
cpe:2.3:a:foxitsoftware:phantompdf:2.0
-
cpe:2.3:a:foxitsoftware:phantompdf:2.1
-
cpe:2.3:a:foxitsoftware:phantompdf:2.1.1
-
cpe:2.3:a:foxitsoftware:phantompdf:2.2
-
cpe:2.3:a:foxitsoftware:phantompdf:2.2.1
-
cpe:2.3:a:foxitsoftware:phantompdf:2.2.3
-
cpe:2.3:a:foxitsoftware:phantompdf:3.0.1
-
cpe:2.3:a:foxitsoftware:phantompdf:3.3
-
cpe:2.3:a:foxitsoftware:phantompdf:3.4
-
cpe:2.3:a:foxitsoftware:phantompdf:4.0
-
cpe:2.3:a:foxitsoftware:phantompdf:4.1
-
cpe:2.3:a:foxitsoftware:phantompdf:5.0.2
-
cpe:2.3:a:foxitsoftware:phantompdf:5.0.2.0721
-
cpe:2.3:a:foxitsoftware:phantompdf:5.0.3
-
cpe:2.3:a:foxitsoftware:phantompdf:5.0.3.0811
-
cpe:2.3:a:foxitsoftware:phantompdf:5.1
-
cpe:2.3:a:foxitsoftware:phantompdf:5.1.1.1214
-
cpe:2.3:a:foxitsoftware:phantompdf:5.1.2
-
cpe:2.3:a:foxitsoftware:phantompdf:5.1.2.0305
-
cpe:2.3:a:foxitsoftware:phantompdf:5.2
-
cpe:2.3:a:foxitsoftware:phantompdf:5.2.0.0502
-
cpe:2.3:a:foxitsoftware:phantompdf:5.2.1
-
cpe:2.3:a:foxitsoftware:phantompdf:5.2.1.0615
-
cpe:2.3:a:foxitsoftware:phantompdf:5.4
-
cpe:2.3:a:foxitsoftware:phantompdf:5.4.0.0902
-
cpe:2.3:a:foxitsoftware:phantompdf:5.4.2
-
cpe:2.3:a:foxitsoftware:phantompdf:5.4.2.0918
-
cpe:2.3:a:foxitsoftware:phantompdf:5.4.3
-
cpe:2.3:a:foxitsoftware:phantompdf:5.4.3.1106
-
cpe:2.3:a:foxitsoftware:phantompdf:6.0
-
cpe:2.3:a:foxitsoftware:phantompdf:6.0.2.0413
-
cpe:2.3:a:foxitsoftware:phantompdf:6.0.5
-
cpe:2.3:a:foxitsoftware:phantompdf:6.0.5.0618
-
cpe:2.3:a:foxitsoftware:phantompdf:6.0.7
-
cpe:2.3:a:foxitsoftware:phantompdf:6.0.7.0806
-
cpe:2.3:a:foxitsoftware:phantompdf:6.1
-
cpe:2.3:a:foxitsoftware:phantompdf:6.1.1.1025
-
cpe:2.3:a:foxitsoftware:phantompdf:6.1.2
-
cpe:2.3:a:foxitsoftware:phantompdf:6.1.2.1227
-
cpe:2.3:a:foxitsoftware:phantompdf:6.2
-
cpe:2.3:a:foxitsoftware:phantompdf:6.2.0.0429
-
cpe:2.3:a:foxitsoftware:phantompdf:6.2.1
-
cpe:2.3:a:foxitsoftware:phantompdf:6.2.1.0168
-
cpe:2.3:a:foxitsoftware:phantompdf:7.0
-
cpe:2.3:a:foxitsoftware:phantompdf:7.0.3.916
-
cpe:2.3:a:foxitsoftware:phantompdf:7.0.6
-
cpe:2.3:a:foxitsoftware:phantompdf:7.0.6.1126
-
cpe:2.3:a:foxitsoftware:phantompdf:7.1
-
cpe:2.3:a:foxitsoftware:phantompdf:7.1.0.306
-
cpe:2.3:a:foxitsoftware:phantompdf:7.1.3.320
-
cpe:2.3:a:foxitsoftware:phantompdf:7.1.5
-
cpe:2.3:a:foxitsoftware:phantompdf:7.1.5.425
-
cpe:2.3:a:foxitsoftware:phantompdf:7.2
-
cpe:2.3:a:foxitsoftware:phantompdf:7.2.0.0722
-
cpe:2.3:a:foxitsoftware:phantompdf:7.2.0.722
-
cpe:2.3:a:foxitsoftware:phantompdf:7.2.2
-
cpe:2.3:a:foxitsoftware:phantompdf:7.2.2.0929
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.0.0118
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.0.118
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.11
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.11.1122
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.13
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.13.421
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.15
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.15.712
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.17
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.17.906
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.4
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.4.0311
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.4.311
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.9
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.9.0816
-
cpe:2.3:a:foxitsoftware:phantompdf:8.0
-
cpe:2.3:a:foxitsoftware:phantompdf:8.0.0.624
-
cpe:2.3:a:foxitsoftware:phantompdf:8.0.2
-
cpe:2.3:a:foxitsoftware:phantompdf:8.0.2.805
-
cpe:2.3:a:foxitsoftware:phantompdf:8.0.5
-
cpe:2.3:a:foxitsoftware:phantompdf:8.1
-
cpe:2.3:a:foxitsoftware:phantompdf:8.1.0.1013
-
cpe:2.3:a:foxitsoftware:phantompdf:8.1.1
-
cpe:2.3:a:foxitsoftware:phantompdf:8.1.1.1115
-
cpe:2.3:a:foxitsoftware:phantompdf:8.2
-
cpe:2.3:a:foxitsoftware:phantompdf:8.2.0.2192
-
cpe:2.3:a:foxitsoftware:phantompdf:8.2.1
-
cpe:2.3:a:foxitsoftware:phantompdf:8.2.1.6871
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.0.14878
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.1
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.1.21155
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.10
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.10.42705
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.11
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.11.45106
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.12
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.12.47136
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.2
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.2.25013
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.5
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.5.30351
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.6
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.6.35572
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.7
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.7.38093
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.8.39677
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.9
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.9.41099
-
cpe:2.3:a:foxitsoftware:phantompdf:9.0
-
cpe:2.3:a:foxitsoftware:phantompdf:9.0.0.29935
-
cpe:2.3:a:foxitsoftware:phantompdf:9.0.1
-
cpe:2.3:a:foxitsoftware:phantompdf:9.0.1.1049
-
cpe:2.3:a:foxitsoftware:phantompdf:9.0.1.31049