Vulnerabilities > CVE-2016-6168 - Use After Free vulnerability in Foxitsoftware Foxit Reader and Phantompdf

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

foxitsoftware

CWE-416

nessus

NVD

Published: 2018-02-07

Updated: 2018-02-24

Summary

Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a crafted PDF file.

Vulnerable Configurations

Part	Description	Count
Application	Foxitsoftware Foxitsoftware Foxit Reader 2.0 Foxitsoftware Foxit Reader 2.2 Foxitsoftware Foxit Reader 2.3 Foxitsoftware Foxit Reader 3.0 Foxitsoftware Foxit Reader 3.1 Foxitsoftware Foxit Reader 3.1.0.0111 Foxitsoftware Foxit Reader 3.1.2.1013 Foxitsoftware Foxit Reader 3.1.2.1030 Foxitsoftware Foxit Reader 3.1.4 Foxitsoftware Foxit Reader 3.2 Foxitsoftware Foxit Reader 3.2.0.0303 Foxitsoftware Foxit Reader 3.2.1.0401 Foxitsoftware Foxit Reader 3.3 Foxitsoftware Foxit Reader 3.3.1 Foxitsoftware Foxit Reader 4.0 Foxitsoftware Foxit Reader 4.0.0.0619 Foxitsoftware Foxit Reader 4.1 Foxitsoftware Foxit Reader 4.1.1 Foxitsoftware Foxit Reader 4.1.1.0805 Foxitsoftware Foxit Reader 4.2 Foxitsoftware Foxit Reader 4.3 Foxitsoftware Foxit Reader 4.3.1.0218 Foxitsoftware Foxit Reader 5.0 Foxitsoftware Foxit Reader 5.0.2 Foxitsoftware Foxit Reader 5.0.2.0718 Foxitsoftware Foxit Reader 5.1 Foxitsoftware Foxit Reader 5.1.0.1021 Foxitsoftware Foxit Reader 5.1.3 Foxitsoftware Foxit Reader 5.1.4.0104 Foxitsoftware Foxit Reader 5.3 Foxitsoftware Foxit Reader 5.3.1 Foxitsoftware Foxit Reader 5.3.1.0606 Foxitsoftware Foxit Reader 5.4 Foxitsoftware Foxit Reader 5.4.3 Foxitsoftware Foxit Reader 5.4.5 Foxitsoftware Foxit Reader 6.0 Foxitsoftware Foxit Reader 6.0.3 Foxitsoftware Foxit Reader 6.0.5 Foxitsoftware Foxit Reader 6.1 Foxitsoftware Foxit Reader 6.1.2 Foxitsoftware Foxit Reader 6.1.4 Foxitsoftware Foxit Reader 6.2 Foxitsoftware Foxit Reader 6.2.1 Foxitsoftware Foxit Reader 7.0 Foxitsoftware Foxit Reader 7.0.6 Foxitsoftware Foxit Reader 7.0.6.1126 Foxitsoftware Foxit Reader 7.1 Foxitsoftware Foxit Reader 7.1.5 Foxitsoftware Foxit Reader 7.2 Foxitsoftware Foxit Reader 7.2.0.722 Foxitsoftware Foxit Reader 7.2.2 Foxitsoftware Foxit Reader 7.2.8 Foxitsoftware Foxit Reader 7.3 Foxitsoftware Foxit Reader 7.3.0.118 Foxitsoftware Foxit Reader 7.3.4 Foxitsoftware Phantompdf 1.0.2 Foxitsoftware Phantompdf 2.0 Foxitsoftware Phantompdf 2.1 Foxitsoftware Phantompdf 2.1.1 Foxitsoftware Phantompdf 2.2 Foxitsoftware Phantompdf 2.2.1 Foxitsoftware Phantompdf 2.2.3 Foxitsoftware Phantompdf 3.0.1 Foxitsoftware Phantompdf 5.0.2 Foxitsoftware Phantompdf 5.0.2.0721 Foxitsoftware Phantompdf 5.0.3 Foxitsoftware Phantompdf 5.0.3.0811 Foxitsoftware Phantompdf 5.1 Foxitsoftware Phantompdf 5.1.1.1214 Foxitsoftware Phantompdf 5.1.2 Foxitsoftware Phantompdf 5.1.2.0305 Foxitsoftware Phantompdf 5.2 Foxitsoftware Phantompdf 5.2.0.0502 Foxitsoftware Phantompdf 5.2.1 Foxitsoftware Phantompdf 5.2.1.0615 Foxitsoftware Phantompdf 5.4 Foxitsoftware Phantompdf 5.4.0.0902 Foxitsoftware Phantompdf 5.4.2 Foxitsoftware Phantompdf 5.4.2.0918 Foxitsoftware Phantompdf 5.4.3 Foxitsoftware Phantompdf 5.4.3.1106 Foxitsoftware Phantompdf 6.0 Foxitsoftware Phantompdf 6.0.2.0413 Foxitsoftware Phantompdf 6.0.5 Foxitsoftware Phantompdf 6.0.5.0618 Foxitsoftware Phantompdf 6.0.7 Foxitsoftware Phantompdf 6.0.7.0806 Foxitsoftware Phantompdf 6.1 Foxitsoftware Phantompdf 6.1.1.1025 Foxitsoftware Phantompdf 6.1.2 Foxitsoftware Phantompdf 6.1.2.1227 Foxitsoftware Phantompdf 6.2 Foxitsoftware Phantompdf 6.2.0.0429 Foxitsoftware Phantompdf 6.2.1 Foxitsoftware Phantompdf 6.2.1.0168 Foxitsoftware Phantompdf 7.0 Foxitsoftware Phantompdf 7.0.3.916 Foxitsoftware Phantompdf 7.0.6 Foxitsoftware Phantompdf 7.0.6.1126 Foxitsoftware Phantompdf 7.1 Foxitsoftware Phantompdf 7.1.0.306 Foxitsoftware Phantompdf 7.1.3.320 Foxitsoftware Phantompdf 7.1.5 Foxitsoftware Phantompdf 7.1.5.425 Foxitsoftware Phantompdf 7.2 Foxitsoftware Phantompdf 7.2.0.0722 Foxitsoftware Phantompdf 7.2.0.722 Foxitsoftware Phantompdf 7.2.2 Foxitsoftware Phantompdf 7.2.2.0929 Foxitsoftware Phantompdf 7.3 Foxitsoftware Phantompdf 7.3.0.0118 Foxitsoftware Phantompdf 7.3.0.118 Foxitsoftware Phantompdf 7.3.4 Foxitsoftware Phantompdf 7.3.4.0311	114

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Nessus

NASL family	Windows
NASL id	FOXIT_PHANTOM_7_3_9.NASL
description	According to its version, the Foxit PhantomPDF application (formally known as Phantom) installed on the remote Windows host is prior to 7.3.9. It is, therefore, affected by multiple vulnerabilities.
last seen	2020-04-30
modified	2018-11-28
plugin id	119259
published	2018-11-28
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119259
title	Foxit PhantomPDF < 7.3.9 Multiple Vulnerabilities

NASL family	Windows
NASL id	FOXIT_PHANTOM_8_1_1.NASL
description	According to its version, the Foxit PhantomPDF application (formally known as Phantom) installed on the remote Windows host is prior to 8.1.1. It is, therefore, affected by multiple vulnerabilities.
last seen	2020-04-30
modified	2018-11-28
plugin id	119263
published	2018-11-28
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119263
title	Foxit PhantomPDF < 8.1.1 Multiple Vulnerabilities

NASL family	Windows
NASL id	FOXIT_PHANTOM_8_0.NASL
description	According to its version, the Foxit PhantomPDF application (formally known as Phantom) installed on the remote Windows host is prior to 8.0. It is, therefore, affected by multiple vulnerabilities.
last seen	2020-04-30
modified	2018-11-28
plugin id	119260
published	2018-11-28
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119260
title	Foxit PhantomPDF < 8.0 Multiple Vulnerabilities

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References