PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-5556 Foxitsoftware CVE debrief

CVE-2017-5556 is a memory-safety issue in the ConvertToPDF plugin of Foxit Reader and PhantomPDF on Windows. According to the CVE record, a crafted JPEG image can trigger an out-of-bounds read and application crash; the description notes the crash was observed with the gflags app enabled, that is, with Windows page-heap debugging turned on, which makes an out-of-bounds heap read fault immediately rather than silently returning whatever lies next to the buffer. The NVD record also notes potential information disclosure and says the flaw could be chained with other vulnerabilities to execute code in the context of the current process. The CVE was published on 2017-01-23.

Vendor
Foxitsoftware
Product
Foxit Reader and Foxit PhantomPDF (Windows), ConvertToPDF plugin
CVSS
HIGH 8.1
CISA KEV
Not listed in stored evidence
Original CVE published
2017-01-23
Original CVE updated
2026-05-13
Advisory published
2017-01-23
Advisory updated
2026-05-13

Who should care

Organizations using Foxit Reader or PhantomPDF on Windows, especially where users open untrusted JPEG files or where ConvertToPDF is part of normal document workflows. Security teams should pay particular attention to systems that still run versions covered by the NVD CPEs (before 8.2). Note that gflags is a debugging aid, not a precondition for the bug: on an ordinary endpoint without page heap the same out-of-bounds read may complete without crashing, leaking adjacent memory instead, so the absence of crash reports is not evidence that a pre-8.2 install is safe.

Technical summary

NVD classifies CVE-2017-5556 as CWE-125 (out-of-bounds read) with CVSS 3.0 vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H: the malicious file can be delivered over the network, no special conditions or privileges are needed, the victim must open or convert the file (UI:R), and the impact is high on confidentiality and availability with no integrity impact. Those values produce the 8.1 (High) base score. The issue is described in the ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows. A crafted JPEG can cause a crash, and the description states that the resulting information disclosure could be useful in chaining toward code execution in the context of the current process.

Defensive priority

High. The flaw is remotely reachable, requires only user interaction, and carries high confidentiality and availability impact. Because the published description explicitly mentions information disclosure and possible chaining toward code execution, affected systems should be prioritized for upgrade and exposure reduction.

Recommended defensive actions

  • Upgrade Foxit Reader and PhantomPDF to versions at or beyond 8.2.
  • Inventory endpoints to identify any installations matching the affected Foxit Reader and PhantomPDF versions listed by NVD.
  • Limit or isolate handling of untrusted JPEG files in workflows that use ConvertToPDF.
  • Treat crashes in the ConvertToPDF plugin as potential security indicators and investigate them promptly.
  • Apply least privilege and application containment to reduce impact if a chained exploit is attempted.
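The inventory and crash-triage steps above can be scripted. The following is an added example for this debrief (not PatchSiren's or Foxit's tooling). It assumes the fixed version is 8.2, as the NVD description says "before 8.2"; that installed versions are recorded under the standard Windows uninstall registry keys; and that the Foxit process names are FoxitReader.exe and FoxitPhantomPDF.exe. The sample inventory rows and the Event ID 1000 message bodies are constructed for the demonstration, and the faulting-module name in them is a placeholder, not the plugin's real file name. On Windows the script reads the registry; elsewhere it falls back to the constructed rows.

```python
"""Flag Foxit installs older than 8.2 and triage Foxit crash events (added example)."""
import platform
import re

FIXED_VERSION = (8, 2)                      # "before 8.2" per the NVD description
AFFECTED_PRODUCTS = ("foxit reader", "foxit phantompdf")
FOXIT_BINARIES = ("foxitreader.exe", "foxitphantompdf.exe")
UNINSTALL_KEYS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)

# Constructed inventory rows (DisplayName, DisplayVersion); version strings are invented.
SAMPLE_ENTRIES = [
    ("Foxit Reader", "8.1.1.1115"),
    ("Foxit PhantomPDF", "8.2.0.2051"),
    ("Foxit Reader", "9.0.1.1049"),
    ("Foxit PhantomPDF", "8.0.6.2138"),
    ("Notepad++", "7.5"),
]

# Constructed Application Error (Event ID 1000) message bodies, not real telemetry.
# "ConvertToPDF_plugin.dll" is a placeholder module name.
SAMPLE_EVENTS = [
    "Faulting application name: FoxitReader.exe, version: 8.1.1.1115, time stamp: 0x5811e6f7\n"
    "Faulting module name: ConvertToPDF_plugin.dll, version: 8.1.1.1115, time stamp: 0x5811e700\n"
    "Exception code: 0xc0000005",
    "Faulting application name: notepad.exe, version: 10.0.14393.0, time stamp: 0x57899a29\n"
    "Faulting module name: ntdll.dll, version: 10.0.14393.0, time stamp: 0x57899a29\n"
    "Exception code: 0xc0000374",
]

CRASH_RE = re.compile(
    r"Faulting application name: (?P<app>[^,]+),.*?Faulting module name: (?P<module>[^,]+),",
    re.S,
)


def parse_version(text):
    """'8.1.5.1208' (or '8.2') -> tuple of ints; non-numeric fragments are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def is_affected(display_name, display_version):
    """True for Foxit Reader / PhantomPDF entries whose version sorts before 8.2."""
    name = display_name.lower()
    if not any(p in name for p in AFFECTED_PRODUCTS):
        return False
    version = parse_version(display_version)
    return bool(version) and version < FIXED_VERSION


def find_affected(entries):
    """Filter (name, version) rows down to the ones in the vulnerable range."""
    return [(n, v) for n, v in entries if is_affected(n, v)]


def read_uninstall_entries():
    """Enumerate (DisplayName, DisplayVersion) from both uninstall hives; Windows only."""
    import winreg  # standard library, importable only on Windows
    entries = []
    for path in UNINSTALL_KEYS:
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path)
        except OSError:
            continue
        with root:
            for i in range(winreg.QueryInfoKey(root)[0]):
                try:
                    with winreg.OpenKey(root, winreg.EnumKey(root, i)) as sub:
                        name, _ = winreg.QueryValueEx(sub, "DisplayName")
                        version, _ = winreg.QueryValueEx(sub, "DisplayVersion")
                except OSError:  # entries without a name/version are not products
                    continue
                entries.append((name, version))
    return entries


def triage_crash_events(messages):
    """Return (app, module) for Event ID 1000 bodies whose faulting app is a Foxit binary."""
    hits = []
    for msg in messages:
        m = CRASH_RE.search(msg)
        if m and m.group("app").strip().lower() in FOXIT_BINARIES:
            hits.append((m.group("app").strip(), m.group("module").strip()))
    return hits


if __name__ == "__main__":
    entries = read_uninstall_entries() if platform.system() == "Windows" else SAMPLE_ENTRIES
    for name, version in find_affected(entries):
        print(f"AFFECTED: {name} {version} is older than 8.2")
    for app, module in triage_crash_events(SAMPLE_EVENTS):
        print(f"Investigate crash: {app} faulted in {module}")
```

To feed real crash events to triage_crash_events on a Windows host, export the Application log with `Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='Application Error'; Id=1000}` and pass each event's Message text. Remember the caveat from above: without page heap the out-of-bounds read may never produce an Event 1000, so the inventory check, not the crash search, is the authoritative signal.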

Evidence notes

All key claims in this debrief come from the supplied NVD/CVE corpus and the referenced vendor and third-party advisories. The CVE record was published on 2017-01-23 and last modified on 2026-05-13 in the supplied source metadata. NVD describes a crafted-JPEG-triggered out-of-bounds read and crash in the Foxit Reader/PhantomPDF ConvertToPDF plugin when gflags is enabled, and it assigns CWE-125 plus CVSS 3.0 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H. The supplied references include the CVE record, NVD detail page, Foxit security bulletins, SecurityFocus BID 95353, and ZDI-17-039.

Official resources

Publicly disclosed in the CVE record on 2017-01-23. The supplied source metadata shows the record was last modified on 2026-05-13. No KEV listing was included in the supplied corpus.