Vulnerabilities > CVE-2018-20247 - Out-of-bounds Write vulnerability in Foxitsoftware Quick PDF Library

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

foxitsoftware

CWE-787

NVD

Published: 2018-12-24

Updated: 2020-09-18

Summary

In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing a recursive page tree structure using the LoadFromFile, LoadFromString or LoadFromStream functions results in a stack overflow.

Vulnerable Configurations

Part	Description	Count
Application	Foxitsoftware Foxitsoftware Quick PDF Library 7.0 Foxitsoftware Quick PDF Library 8.0 Foxitsoftware Quick PDF Library 9.0 Foxitsoftware Quick PDF Library 10.0 Foxitsoftware Quick PDF Library 11.0 Foxitsoftware Quick PDF Library 12.0 Foxitsoftware Quick PDF Library 13.0 Foxitsoftware Quick PDF Library 14.0 Foxitsoftware Quick PDF Library 15.0 Foxitsoftware Quick PDF Library 16.0 Foxitsoftware Quick PDF Library 16.11	11

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References