Vulnerability Description
In Foxit Quick PDF Library (all versions prior to 16.12), loading a malformed or malicious PDF containing invalid xref entries using the DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out-of-bounds memory access.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Foxitsoftware | Quick Pdf Library | < 16.12 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106306 (Third Party Advisory, VDB Entry)
- https://www.foxitsoftware.com/support/security-bulletins.php (Vendor Advisory)
FAQ
What is CVE-2018-20249?
CVE-2018-20249 is a vulnerability with a CVSS score of 8.8 (HIGH). In Foxit Quick PDF Library (all versions prior to 16.12), loading a malformed or malicious PDF containing invalid xref entries using the DAOpenFile or DAOpenFileReadOnly functions may resu...
How severe is CVE-2018-20249?
CVE-2018-20249 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-20249?
Check the references section above for vendor advisories and patch information. Affected products include: Foxitsoftware Quick Pdf Library.