Vulnerability Description
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Foxitsoftware | Foxit Reader | <= 8.2.0.2051 |
| Foxitsoftware | Phantompdf | <= 8.2.0.2192 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/98319Third Party AdvisoryVDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-17-140/Third Party AdvisoryVDB Entry
- https://www.foxitsoftware.com/support/security-bulletins.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/98319Third Party AdvisoryVDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-17-140/Third Party AdvisoryVDB Entry
- https://www.foxitsoftware.com/support/security-bulletins.phpPatchVendor Advisory
FAQ
What is CVE-2017-8455?
CVE-2017-8455 is a vulnerability with a CVSS score of 7.8 (HIGH). Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a...
How severe is CVE-2017-8455?
CVE-2017-8455 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-8455?
Check the references section above for vendor advisories and patch information. Affected products include: Foxitsoftware Foxit Reader, Foxitsoftware Phantompdf.