Vulnerability Description
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Foxitsoftware | Enterprise Reader | <= 7.0.6.1126 |
| Foxitsoftware | Foxit Reader | <= 7.0.6.1126 |
| Foxitsoftware | Phantompdf | <= 7.0.6.1126 |
Related Weaknesses (CWE)
References
- http://protekresearchlab.com/PRL-2015-02/Exploit
- http://protekresearchlab.com/prl-2015-01prl-foxit-products-gif-conversion-memoryExploit
- http://securitytracker.com/id/1031878
- http://www.exploit-db.com/exploits/36334Exploit
- http://www.exploit-db.com/exploits/36335Exploit
- http://www.foxitsoftware.com/support/security_bulletins.php#FRD-23
- http://www.foxitsoftware.com/support/security_bulletins.php#FRD-24
- http://www.osvdb.org/119302
- http://www.osvdb.org/119303
- http://www.securityfocus.com/bid/73430
- http://www.securitytracker.com/id/1031877
- http://protekresearchlab.com/PRL-2015-02/Exploit
- http://protekresearchlab.com/prl-2015-01prl-foxit-products-gif-conversion-memoryExploit
- http://securitytracker.com/id/1031878
- http://www.exploit-db.com/exploits/36334Exploit
FAQ
What is CVE-2015-2790?
CVE-2015-2790 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or...
How severe is CVE-2015-2790?
CVE-2015-2790 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2790?
Check the references section above for vendor advisories and patch information. Affected products include: Foxitsoftware Enterprise Reader, Foxitsoftware Foxit Reader, Foxitsoftware Phantompdf.