Vulnerabilites related to Foxit Software - Foxit Reader
cve-2016-8334
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/93799 | vdb-entry, x_refsource_BID | |
| http://www.talosintelligence.com/reports/TALOS-2016-0201/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit Software | Foxit Reader |
Version: 8.0.2.805 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:20:30.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93799",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93799"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0201/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Foxit Reader",
"vendor": "Foxit Software",
"versions": [
{
"status": "affected",
"version": "8.0.2.805"
}
]
}
],
"datePublic": "2016-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "out-of-bounds read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T19:16:22",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "93799",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93799"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0201/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2016-8334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "8.0.2.805"
}
]
}
}
]
},
"vendor_name": "Foxit Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.8,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93799",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93799"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0201/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0201/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2016-8334",
"datePublished": "2017-01-06T21:00:00",
"dateReserved": "2016-09-28T00:00:00",
"dateUpdated": "2024-08-06T02:20:30.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}