PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-5364 Foxitsoftware CVE debrief

CVE-2017-5364 is a high-severity memory corruption vulnerability in Foxit PDF Toolkit v1.3. According to the supplied NVD record and vendor reference, a specially crafted PDF can trigger the issue when opened by the victim, potentially causing denial of service or remote code execution. The vulnerability was fixed in Foxit PDF Toolkit v2.0.

Vendor: Foxitsoftware
Product: CVE-2017-5364
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-13
Original CVE updated: 2026-05-13
Advisory published: 2017-01-13
Advisory updated: 2026-05-13

Who should care

Organizations and developers that use or embed Foxit PDF Toolkit v1.3 should treat this as a priority issue, especially if the toolkit processes untrusted PDF files. Security teams should also care if the product is present in desktop, server, or document-processing workflows where users may open attacker-controlled files.

Technical summary

NVD classifies the flaw as CWE-119 memory corruption and assigns CVSS 3.0 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The available source material indicates that opening a specially crafted PDF can trigger the bug, with outcomes ranging from denial of service to remote code execution. The vendor advisory reference notes the issue was addressed in Foxit PDF Toolkit v2.0.

Defensive priority

High. The combination of memory corruption, user interaction, and potential remote code execution makes this a significant risk wherever untrusted PDFs are processed.

Recommended defensive actions

  • Upgrade Foxit PDF Toolkit from v1.3 to v2.0 or later, per the vendor-fixed version noted in the supplied record.
  • Inventory systems and applications that bundle or depend on Foxit PDF Toolkit v1.3.
  • Reduce exposure to untrusted PDF content until the affected version is removed or updated.
  • Consult the vendor security bulletin for any product-specific mitigation guidance.
  • Prioritize patching in environments where PDF files are routinely received from external sources.

Evidence notes

This debrief is based only on the supplied NVD record and the referenced Foxit vendor security bulletin page. The record identifies the affected version as Foxit PDF Toolkit 1.3, the weakness as CWE-119, and notes remediation in v2.0. No additional exploit or remediation specifics were supplied in the corpus.

Official resources

Publicly disclosed on 2017-01-13 per the supplied CVE publication timestamp. The available source record is marked modified on 2026-05-13, but that is not the disclosure date.