Vulnerability Description
Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document.
CVSS Score
7.3
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Foxitsoftware | Foxit Reader | <= 8.3.0.14878 |
| Foxitsoftware | Phantompdf | <= 8.3.0.14878 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/99499Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039113
- https://www.foxitsoftware.com/support/security-bulletins.phpVendor Advisory
- http://www.securityfocus.com/bid/99499Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039113
- https://www.foxitsoftware.com/support/security-bulletins.phpVendor Advisory
FAQ
What is CVE-2017-10994?
CVE-2017-10994 is a vulnerability with a CVSS score of 7.3 (HIGH). Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document.
How severe is CVE-2017-10994?
CVE-2017-10994 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-10994?
Check the references section above for vendor advisories and patch information. Affected products include: Foxitsoftware Foxit Reader, Foxitsoftware Phantompdf.