Vulnerabilities > CVE-2018-17611 - Use After Free vulnerability in Foxitsoftware Phantompdf and Reader

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

foxitsoftware

CWE-416

NVD

Published: 2018-09-28

Updated: 2018-11-14

Summary

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.

Vulnerable Configurations

Part	Description	Count
Application	Foxitsoftware Foxitsoftware Phantompdf 1.0.2 Foxitsoftware Phantompdf 2.0 Foxitsoftware Phantompdf 2.1 Foxitsoftware Phantompdf 2.1.1 Foxitsoftware Phantompdf 2.2 Foxitsoftware Phantompdf 2.2.1 Foxitsoftware Phantompdf 2.2.3 Foxitsoftware Phantompdf 3.0.1 Foxitsoftware Phantompdf 5.0.2 Foxitsoftware Phantompdf 5.0.2.0721 Foxitsoftware Phantompdf 5.0.3 Foxitsoftware Phantompdf 5.0.3.0811 Foxitsoftware Phantompdf 5.1 Foxitsoftware Phantompdf 5.1.1.1214 Foxitsoftware Phantompdf 5.1.2 Foxitsoftware Phantompdf 5.1.2.0305 Foxitsoftware Phantompdf 5.2 Foxitsoftware Phantompdf 5.2.0.0502 Foxitsoftware Phantompdf 5.2.1 Foxitsoftware Phantompdf 5.2.1.0615 Foxitsoftware Phantompdf 5.4 Foxitsoftware Phantompdf 5.4.0.0902 Foxitsoftware Phantompdf 5.4.2 Foxitsoftware Phantompdf 5.4.2.0918 Foxitsoftware Phantompdf 5.4.3 Foxitsoftware Phantompdf 5.4.3.1106 Foxitsoftware Phantompdf 6.0 Foxitsoftware Phantompdf 6.0.2.0413 Foxitsoftware Phantompdf 6.0.5 Foxitsoftware Phantompdf 6.0.5.0618 Foxitsoftware Phantompdf 6.0.7 Foxitsoftware Phantompdf 6.0.7.0806 Foxitsoftware Phantompdf 6.1 Foxitsoftware Phantompdf 6.1.1.1025 Foxitsoftware Phantompdf 6.1.2 Foxitsoftware Phantompdf 6.1.2.1227 Foxitsoftware Phantompdf 6.2 Foxitsoftware Phantompdf 6.2.0.0429 Foxitsoftware Phantompdf 6.2.1 Foxitsoftware Phantompdf 6.2.1.0168 Foxitsoftware Phantompdf 7.0 Foxitsoftware Phantompdf 7.0.3.916 Foxitsoftware Phantompdf 7.0.6 Foxitsoftware Phantompdf 7.0.6.1126 Foxitsoftware Phantompdf 7.1 Foxitsoftware Phantompdf 7.1.0.306 Foxitsoftware Phantompdf 7.1.3.320 Foxitsoftware Phantompdf 7.1.5 Foxitsoftware Phantompdf 7.1.5.425 Foxitsoftware Phantompdf 7.2 Foxitsoftware Phantompdf 7.2.0.0722 Foxitsoftware Phantompdf 7.2.0.722 Foxitsoftware Phantompdf 7.2.2 Foxitsoftware Phantompdf 7.2.2.0929 Foxitsoftware Phantompdf 7.3 Foxitsoftware Phantompdf 7.3.0.0118 Foxitsoftware Phantompdf 7.3.0.118 Foxitsoftware Phantompdf 7.3.4 Foxitsoftware Phantompdf 7.3.4.0311 Foxitsoftware Phantompdf 7.3.9 Foxitsoftware Phantompdf 7.3.9.0816 Foxitsoftware Phantompdf 7.3.11 Foxitsoftware Phantompdf 7.3.11.1122 Foxitsoftware Phantompdf 7.3.13 Foxitsoftware Phantompdf 7.3.13.421 Foxitsoftware Phantompdf 7.3.15 Foxitsoftware Phantompdf 7.3.15.712 Foxitsoftware Phantompdf 7.3.17 Foxitsoftware Phantompdf 7.3.17.906 Foxitsoftware Phantompdf 8.0 Foxitsoftware Phantompdf 8.0.0.624 Foxitsoftware Phantompdf 8.0.2 Foxitsoftware Phantompdf 8.0.2.805 Foxitsoftware Phantompdf 8.1 Foxitsoftware Phantompdf 8.1.0.1013 Foxitsoftware Phantompdf 8.1.1 Foxitsoftware Phantompdf 8.1.1.1115 Foxitsoftware Phantompdf 8.2 Foxitsoftware Phantompdf 8.2.0.2192 Foxitsoftware Phantompdf 8.2.1 Foxitsoftware Phantompdf 8.2.1.6871 Foxitsoftware Phantompdf 8.3 Foxitsoftware Phantompdf 8.3.0.14878 Foxitsoftware Phantompdf 8.3.1 Foxitsoftware Phantompdf 8.3.1.21155 Foxitsoftware Phantompdf 8.3.2 Foxitsoftware Phantompdf 8.3.2.25013 Foxitsoftware Phantompdf 8.3.5 Foxitsoftware Phantompdf 8.3.5.30351 Foxitsoftware Phantompdf 8.3.6 Foxitsoftware Phantompdf 8.3.6.35572 Foxitsoftware Phantompdf 8.3.7.38093 Foxitsoftware Phantompdf 8.3.8.39677 Foxitsoftware Phantompdf 8.3.9.41099 Foxitsoftware Phantompdf 8.3.10 Foxitsoftware Phantompdf 8.3.10.42705 Foxitsoftware Phantompdf 8.3.11 Foxitsoftware Phantompdf 9.0 Foxitsoftware Phantompdf 9.0.0.29935 Foxitsoftware Phantompdf 9.0.1 Foxitsoftware Phantompdf 9.0.1.1049 Foxitsoftware Phantompdf 9.0.1.31049 Foxitsoftware Phantompdf 9.1 Foxitsoftware Phantompdf 9.1.0.5096 Foxitsoftware Phantompdf 9.2.0.9297 Foxitsoftware Reader 2.2 Foxitsoftware Reader 2.3 Foxitsoftware Reader 3.0 Foxitsoftware Reader 3.1 Foxitsoftware Reader 3.1.0.0824 Foxitsoftware Reader 3.1.1.0901 Foxitsoftware Reader 3.1.2.1013 Foxitsoftware Reader 3.1.3.1030 Foxitsoftware Reader 3.2 Foxitsoftware Reader 3.2.1.0401 Foxitsoftware Reader 3.3.0 Foxitsoftware Reader 3.3.1 Foxitsoftware Reader 4.0 Foxitsoftware Reader 4.1.0 Foxitsoftware Reader 4.1.1 Foxitsoftware Reader 4.2.0 Foxitsoftware Reader 4.3.0 Foxitsoftware Reader 4.3.1.0218 Foxitsoftware Reader 5.0.1 Foxitsoftware Reader 5.0.2.01718 Foxitsoftware Reader 5.1.0 Foxitsoftware Reader 5.1.3 Foxitsoftware Reader 5.3.0 Foxitsoftware Reader 5.3.1 Foxitsoftware Reader 5.4.2 Foxitsoftware Reader 5.4.3 Foxitsoftware Reader 5.4.5 Foxitsoftware Reader 6.0.2 Foxitsoftware Reader 6.0.3 Foxitsoftware Reader 6.0.5 Foxitsoftware Reader 6.1 Foxitsoftware Reader 6.1.1 Foxitsoftware Reader 6.1.2 Foxitsoftware Reader 6.1.4 Foxitsoftware Reader 6.2.0 Foxitsoftware Reader 6.2.1 Foxitsoftware Reader 7.0.3 Foxitsoftware Reader 7.0.6 Foxitsoftware Reader 7.1.0 Foxitsoftware Reader 7.1.5 Foxitsoftware Reader 7.2.0 Foxitsoftware Reader 7.2.0.722 Foxitsoftware Reader 7.2.2 Foxitsoftware Reader 7.2.8 Foxitsoftware Reader 7.3.0 Foxitsoftware Reader 7.3.0.118 Foxitsoftware Reader 7.3.4 Foxitsoftware Reader 8.0.0 Foxitsoftware Reader 8.0.2 Foxitsoftware Reader 8.1.0 Foxitsoftware Reader 8.1.1 Foxitsoftware Reader 8.1.4 Foxitsoftware Reader 8.2.0 Foxitsoftware Reader 8.2.1 Foxitsoftware Reader 8.3.0 Foxitsoftware Reader 8.3.1 Foxitsoftware Reader 8.3.2 Foxitsoftware Reader 9.0.0 Foxitsoftware Reader 9.0.1 Foxitsoftware Reader 9.0.1.1049 Foxitsoftware Reader 9.1.0 Foxitsoftware Reader 9.2.0 Foxitsoftware Reader 9.2.0.9297	168

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://www.foxitsoftware.com/support/security-bulletins.php