Vulnerability Details CVE-2018-3956
An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in exploitation when coupled with another vulnerability. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.108
EPSS Ranking 93.0%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 5.8
References
Products affected by CVE-2018-3956
-
cpe:2.3:a:foxitsoftware:phantompdf:1.0.2
-
cpe:2.3:a:foxitsoftware:phantompdf:2.0
-
cpe:2.3:a:foxitsoftware:phantompdf:2.1
-
cpe:2.3:a:foxitsoftware:phantompdf:2.1.1
-
cpe:2.3:a:foxitsoftware:phantompdf:2.2
-
cpe:2.3:a:foxitsoftware:phantompdf:2.2.1
-
cpe:2.3:a:foxitsoftware:phantompdf:2.2.3
-
cpe:2.3:a:foxitsoftware:phantompdf:3.0.1
-
cpe:2.3:a:foxitsoftware:phantompdf:3.3
-
cpe:2.3:a:foxitsoftware:phantompdf:3.4
-
cpe:2.3:a:foxitsoftware:phantompdf:4.0
-
cpe:2.3:a:foxitsoftware:phantompdf:4.1
-
cpe:2.3:a:foxitsoftware:phantompdf:5.0.2
-
cpe:2.3:a:foxitsoftware:phantompdf:5.0.2.0721
-
cpe:2.3:a:foxitsoftware:phantompdf:5.0.3
-
cpe:2.3:a:foxitsoftware:phantompdf:5.0.3.0811
-
cpe:2.3:a:foxitsoftware:phantompdf:5.1
-
cpe:2.3:a:foxitsoftware:phantompdf:5.1.1.1214
-
cpe:2.3:a:foxitsoftware:phantompdf:5.1.2
-
cpe:2.3:a:foxitsoftware:phantompdf:5.1.2.0305
-
cpe:2.3:a:foxitsoftware:phantompdf:5.2
-
cpe:2.3:a:foxitsoftware:phantompdf:5.2.0.0502
-
cpe:2.3:a:foxitsoftware:phantompdf:5.2.1
-
cpe:2.3:a:foxitsoftware:phantompdf:5.2.1.0615
-
cpe:2.3:a:foxitsoftware:phantompdf:5.4
-
cpe:2.3:a:foxitsoftware:phantompdf:5.4.0.0902
-
cpe:2.3:a:foxitsoftware:phantompdf:5.4.2
-
cpe:2.3:a:foxitsoftware:phantompdf:5.4.2.0918
-
cpe:2.3:a:foxitsoftware:phantompdf:5.4.3
-
cpe:2.3:a:foxitsoftware:phantompdf:5.4.3.1106
-
cpe:2.3:a:foxitsoftware:phantompdf:6.0
-
cpe:2.3:a:foxitsoftware:phantompdf:6.0.2.0413
-
cpe:2.3:a:foxitsoftware:phantompdf:6.0.5
-
cpe:2.3:a:foxitsoftware:phantompdf:6.0.5.0618
-
cpe:2.3:a:foxitsoftware:phantompdf:6.0.7
-
cpe:2.3:a:foxitsoftware:phantompdf:6.0.7.0806
-
cpe:2.3:a:foxitsoftware:phantompdf:6.1
-
cpe:2.3:a:foxitsoftware:phantompdf:6.1.1.1025
-
cpe:2.3:a:foxitsoftware:phantompdf:6.1.2
-
cpe:2.3:a:foxitsoftware:phantompdf:6.1.2.1227
-
cpe:2.3:a:foxitsoftware:phantompdf:6.2
-
cpe:2.3:a:foxitsoftware:phantompdf:6.2.0.0429
-
cpe:2.3:a:foxitsoftware:phantompdf:6.2.1
-
cpe:2.3:a:foxitsoftware:phantompdf:6.2.1.0168
-
cpe:2.3:a:foxitsoftware:phantompdf:7.0
-
cpe:2.3:a:foxitsoftware:phantompdf:7.0.3.916
-
cpe:2.3:a:foxitsoftware:phantompdf:7.0.6
-
cpe:2.3:a:foxitsoftware:phantompdf:7.0.6.1126
-
cpe:2.3:a:foxitsoftware:phantompdf:7.1
-
cpe:2.3:a:foxitsoftware:phantompdf:7.1.0.306
-
cpe:2.3:a:foxitsoftware:phantompdf:7.1.3.320
-
cpe:2.3:a:foxitsoftware:phantompdf:7.1.5
-
cpe:2.3:a:foxitsoftware:phantompdf:7.1.5.425
-
cpe:2.3:a:foxitsoftware:phantompdf:7.2
-
cpe:2.3:a:foxitsoftware:phantompdf:7.2.0.0722
-
cpe:2.3:a:foxitsoftware:phantompdf:7.2.0.722
-
cpe:2.3:a:foxitsoftware:phantompdf:7.2.2
-
cpe:2.3:a:foxitsoftware:phantompdf:7.2.2.0929
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.0.0118
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.0.118
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.11
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.11.1122
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.13
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.13.421
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.15
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.15.712
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.17
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.17.906
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.4
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.4.0311
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.4.311
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.9
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.9.0816
-
cpe:2.3:a:foxitsoftware:phantompdf:8.0
-
cpe:2.3:a:foxitsoftware:phantompdf:8.0.0.624
-
cpe:2.3:a:foxitsoftware:phantompdf:8.0.2
-
cpe:2.3:a:foxitsoftware:phantompdf:8.0.2.805
-
cpe:2.3:a:foxitsoftware:phantompdf:8.0.5
-
cpe:2.3:a:foxitsoftware:phantompdf:8.1
-
cpe:2.3:a:foxitsoftware:phantompdf:8.1.0.1013
-
cpe:2.3:a:foxitsoftware:phantompdf:8.1.1
-
cpe:2.3:a:foxitsoftware:phantompdf:8.1.1.1115
-
cpe:2.3:a:foxitsoftware:phantompdf:8.2
-
cpe:2.3:a:foxitsoftware:phantompdf:8.2.0.2192
-
cpe:2.3:a:foxitsoftware:phantompdf:8.2.1
-
cpe:2.3:a:foxitsoftware:phantompdf:8.2.1.6871
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.0.14878
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.1
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.1.21155
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.10
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.10.42705
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.11
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.11.45106
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.12
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.12.47136
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.2
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.2.25013
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.5
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.5.30351
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.6
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.6.35572
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.7
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.7.38093
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.8.39677
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.9
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.9.41099
-
cpe:2.3:a:foxitsoftware:phantompdf:9.0
-
cpe:2.3:a:foxitsoftware:phantompdf:9.0.0.29935
-
cpe:2.3:a:foxitsoftware:phantompdf:9.0.1
-
cpe:2.3:a:foxitsoftware:phantompdf:9.0.1.1049
-
cpe:2.3:a:foxitsoftware:phantompdf:9.0.1.31049
-
cpe:2.3:a:foxitsoftware:phantompdf:9.1
-
cpe:2.3:a:foxitsoftware:phantompdf:9.1.0.5096
-
cpe:2.3:a:foxitsoftware:phantompdf:9.2
-
cpe:2.3:a:foxitsoftware:phantompdf:9.2.0.9297
-
cpe:2.3:a:foxitsoftware:phantompdf:9.3
-
cpe:2.3:a:foxitsoftware:phantompdf:9.3.0.10826
-
cpe:2.3:a:foxitsoftware:reader:2.1.0.0804
-
cpe:2.3:a:foxitsoftware:reader:2.1.0.0805
-
cpe:2.3:a:foxitsoftware:reader:2.2
-
cpe:2.3:a:foxitsoftware:reader:2.3
-
cpe:2.3:a:foxitsoftware:reader:2.4.4
-
cpe:2.3:a:foxitsoftware:reader:3.0
-
cpe:2.3:a:foxitsoftware:reader:3.1
-
cpe:2.3:a:foxitsoftware:reader:3.1.0.0824
-
cpe:2.3:a:foxitsoftware:reader:3.1.1.0901
-
cpe:2.3:a:foxitsoftware:reader:3.1.2.1013
-
cpe:2.3:a:foxitsoftware:reader:3.1.3.1030
-
cpe:2.3:a:foxitsoftware:reader:3.2
-
cpe:2.3:a:foxitsoftware:reader:3.2.1.0401
-
cpe:2.3:a:foxitsoftware:reader:3.3
-
cpe:2.3:a:foxitsoftware:reader:3.3.0
-
cpe:2.3:a:foxitsoftware:reader:3.3.1
-
cpe:2.3:a:foxitsoftware:reader:4.0
-
cpe:2.3:a:foxitsoftware:reader:4.1.0
-
cpe:2.3:a:foxitsoftware:reader:4.1.1
-
cpe:2.3:a:foxitsoftware:reader:4.2.0
-
cpe:2.3:a:foxitsoftware:reader:4.3.0
-
cpe:2.3:a:foxitsoftware:reader:4.3.1.0218
-
cpe:2.3:a:foxitsoftware:reader:5.0.1
-
cpe:2.3:a:foxitsoftware:reader:5.0.2.01718
-
cpe:2.3:a:foxitsoftware:reader:5.1.0
-
cpe:2.3:a:foxitsoftware:reader:5.1.3
-
cpe:2.3:a:foxitsoftware:reader:5.3.0
-
cpe:2.3:a:foxitsoftware:reader:5.3.1
-
cpe:2.3:a:foxitsoftware:reader:5.4.2
-
cpe:2.3:a:foxitsoftware:reader:5.4.3
-
cpe:2.3:a:foxitsoftware:reader:5.4.5
-
cpe:2.3:a:foxitsoftware:reader:6.0.2
-
cpe:2.3:a:foxitsoftware:reader:6.0.3
-
cpe:2.3:a:foxitsoftware:reader:6.0.5
-
cpe:2.3:a:foxitsoftware:reader:6.1
-
cpe:2.3:a:foxitsoftware:reader:6.1.1
-
cpe:2.3:a:foxitsoftware:reader:6.1.2
-
cpe:2.3:a:foxitsoftware:reader:6.1.4
-
cpe:2.3:a:foxitsoftware:reader:6.2.0
-
cpe:2.3:a:foxitsoftware:reader:6.2.1
-
cpe:2.3:a:foxitsoftware:reader:7.0.3
-
cpe:2.3:a:foxitsoftware:reader:7.0.6
-
cpe:2.3:a:foxitsoftware:reader:7.1.0
-
cpe:2.3:a:foxitsoftware:reader:7.1.5
-
cpe:2.3:a:foxitsoftware:reader:7.2.0
-
cpe:2.3:a:foxitsoftware:reader:7.2.0.722
-
cpe:2.3:a:foxitsoftware:reader:7.2.2
-
cpe:2.3:a:foxitsoftware:reader:7.2.8
-
cpe:2.3:a:foxitsoftware:reader:7.3.0
-
cpe:2.3:a:foxitsoftware:reader:7.3.0.118
-
cpe:2.3:a:foxitsoftware:reader:7.3.4
-
cpe:2.3:a:foxitsoftware:reader:8.0.0
-
cpe:2.3:a:foxitsoftware:reader:8.0.2
-
cpe:2.3:a:foxitsoftware:reader:8.0.2.805
-
cpe:2.3:a:foxitsoftware:reader:8.0.5
-
cpe:2.3:a:foxitsoftware:reader:8.1.0
-
cpe:2.3:a:foxitsoftware:reader:8.1.1
-
cpe:2.3:a:foxitsoftware:reader:8.1.4
-
cpe:2.3:a:foxitsoftware:reader:8.2.0
-
cpe:2.3:a:foxitsoftware:reader:8.2.1
-
cpe:2.3:a:foxitsoftware:reader:8.3.0
-
cpe:2.3:a:foxitsoftware:reader:8.3.1
-
cpe:2.3:a:foxitsoftware:reader:8.3.2
-
cpe:2.3:a:foxitsoftware:reader:9.0.0
-
cpe:2.3:a:foxitsoftware:reader:9.0.1
-
cpe:2.3:a:foxitsoftware:reader:9.0.1.1049
-
cpe:2.3:a:foxitsoftware:reader:9.1.0
-
cpe:2.3:a:foxitsoftware:reader:9.1.0.5096
-
cpe:2.3:a:foxitsoftware:reader:9.2
-
cpe:2.3:a:foxitsoftware:reader:9.2.0
-
cpe:2.3:a:foxitsoftware:reader:9.2.0.9297
-
cpe:2.3:a:foxitsoftware:reader:9.3
-
cpe:2.3:a:foxitsoftware:reader:9.3.0.10826
-
cpe:2.3:o:microsoft:windows:-