Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-2790

Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image.

Published

2015-03-30T14:59:10.600

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	foxitsoftware	enterprise_reader	≤ 7.0.6.1126	Yes
Application	foxitsoftware	foxit_reader	≤ 7.0.6.1126	Yes
Application	foxitsoftware	phantompdf	≤ 7.0.6.1126	Yes

References

http://protekresearchlab.com/PRL-2015-02/ Exploit ([email protected])
http://protekresearchlab.com/prl-2015-01prl-foxit-products-gif-conversion-memory-corruption-vulnerabilities-lzwminimumcodesize/ Exploit ([email protected])
http://securitytracker.com/id/1031878 ([email protected])
http://www.exploit-db.com/exploits/36334 Exploit ([email protected])
http://www.exploit-db.com/exploits/36335 Exploit ([email protected])
http://www.foxitsoftware.com/support/security_bulletins.php#FRD-23 ([email protected])
http://www.foxitsoftware.com/support/security_bulletins.php#FRD-24 ([email protected])
http://www.osvdb.org/119302 ([email protected])
http://www.osvdb.org/119303 ([email protected])
http://www.securityfocus.com/bid/73430 ([email protected])
http://www.securitytracker.com/id/1031877 ([email protected])
http://protekresearchlab.com/PRL-2015-02/ Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://protekresearchlab.com/prl-2015-01prl-foxit-products-gif-conversion-memory-corruption-vulnerabilities-lzwminimumcodesize/ Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id/1031878 (af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/36334 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/36335 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.foxitsoftware.com/support/security_bulletins.php#FRD-23 (af854a3a-2127-422b-91ae-364da2661108)
http://www.foxitsoftware.com/support/security_bulletins.php#FRD-24 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/119302 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/119303 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/73430 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1031877 (af854a3a-2127-422b-91ae-364da2661108)