Vulnerability Details CVE-2017-5556
The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. The vulnerability could lead to information disclosure; an attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.5%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 5.8
References
- http://www.securityfocus.com/bid/95353
- http://www.zerodayinitiative.com/advisories/ZDI-17-039/
- https://www.foxitsoftware.com/support/security-bulletins.php
- http://www.securityfocus.com/bid/95353
- http://www.zerodayinitiative.com/advisories/ZDI-17-039/
- https://www.foxitsoftware.com/support/security-bulletins.php
Products affected by CVE-2017-5556
-
cpe:2.3:a:foxitsoftware:foxit_reader:8.1.4.1208
-
cpe:2.3:a:foxitsoftware:phantompdf:8.1.1.1115
-
cpe:2.3:o:microsoft:windows:-
-
cpe:2.3:o:microsoft:windows:1.0
-
cpe:2.3:o:microsoft:windows:2.0
-
cpe:2.3:o:microsoft:windows:2000
-
cpe:2.3:o:microsoft:windows:3.0
-
cpe:2.3:o:microsoft:windows:3.1
-
cpe:2.3:o:microsoft:windows:3.11
-
cpe:2.3:o:microsoft:windows:server_2008
-
cpe:2.3:o:microsoft:windows:vista