Vulnerability Description
Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary code via a crafted PDF document.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Foxitsoftware | Foxit Reader | <= 7.2.0.722 |
| Foxitsoftware | Phantompdf | <= 7.2.0.722 |
References
- http://www.zerodayinitiative.com/advisories/ZDI-15-622Third Party AdvisoryVDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-15-623Third Party AdvisoryVDB Entry
- https://www.foxitsoftware.com/support/security-bulletins.php#FRD-34Vendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-15-622Third Party AdvisoryVDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-15-623Third Party AdvisoryVDB Entry
- https://www.foxitsoftware.com/support/security-bulletins.php#FRD-34Vendor Advisory
FAQ
What is CVE-2015-8580?
CVE-2015-8580 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary c...
How severe is CVE-2015-8580?
CVE-2015-8580 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-8580?
Check the references section above for vendor advisories and patch information. Affected products include: Foxitsoftware Foxit Reader, Foxitsoftware Phantompdf.