PatchSiren

Foxitsoftware CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Foxitsoftware CVE published 2017-01-23

CVE-2017-5556

CVE-2017-5556 is a memory-safety issue in Foxit Reader and PhantomPDF on Windows affecting the ConvertToPDF plugin. According to the CVE record, a crafted JPEG image can trigger an out-of-bounds read and application crash when the gflags app is enabled. The NVD record also notes potential information disclosure and says the flaw could be chained with other vulnerabilities to execute code in the current pr [truncated]

HIGH Foxitsoftware CVE published 2017-01-13

CVE-2017-5364

CVE-2017-5364 is a high-severity memory corruption vulnerability in Foxit PDF Toolkit v1.3. According to the NVD record and vendor reference, a specially crafted PDF can trigger the issue when opened by the victim, potentially causing denial of service or remote code execution. The vulnerability was fixed in Foxit PDF Toolkit v2.0.