ALERT: Foxit fixes eight high severity vulnerabilities in Foxit Reader

  • Post author:
  • Reading time:4 mins read

Foxit has released a security advisory for Foxit Reader. There are eight high severity bugs that were fixed in this update. These vulnerabilities are:

  • CVE-2019-5031 is a memory corruption vulnerability in JavaScript engine. An attacker can use a specially crafted PDF document to trigger an out-of-memory condition which is not handled properly. This vulnerability leads to remote code execution.
  • CVE-2019-13326, CVE-2019-13327 and CVE-2019-13328 are Use-After-Free issues in the processing of fields within Acroform objects. These flaws exist due to absence of validation of objects before performing operations on the object. This vulnerability leads to remote code execution.
  • CVE-2019-13329 and CVE-2019-13330 are Type Confusion issues in TIFF files and JPG files respectively. These flaws exist due to lack of proper validation of user-supplied data which leads to remote code execution or application crash.
  • CVE-2019-13331 is an Out-of-Bounds Read issue in parsing of JPG files (JPG File ConvertToPDF). The flaw exists due to lack of proper validation of user-supplied data. This vulnerability leads to remote code execution.
  • CVE-2019-13332 is a Use-After-Free issue in processing of templates in XFA forms. The flaw exists due to absence of validation of objects before performing operations on the object. This vulnerability leads to remote code execution or application crash.

CVE-2019-5031 is the most severe vulnerability. This vulnerability was discovered by Cisco Talos. An attacker can trick a user to open a malicious file to exploit the vulnerability. In cases where the browser plugin extension is enabled, the vulnerability is triggered when a user visits a malicious site. The other high severity flaws were reported by Zero Day Initiative. It is important to note that these vulnerabilities allow an attacker to execute code on the target machine and require user interaction such as visiting a malicious page or opening a malicious file.

CVE-2019-13124 and CVE-2019-13123 are two other RecursiveCall bugs in Foxit Reader which exhaust the available stack memory due to Uncontrolled Recursion in the V8 JavaScript engine. These vulnerabilities can also lead to remote code execution or application crash.

It is recommended to update to the latest release of Foxit Reader at the earliest.


Affected Products

Foxit Reader version 9.6.0.25114 and earlier.


Impact

Successful exploitation of these vulnerabilities could allow an attacker to execute code and cause denial of service.


Solution
Please refer to this KB Article to apply the patches using SanerNow.


 

Share this article