Vulnerability-Lookup

CNVD-2018-26511

Vulnerability from cnvd - Published: 2018-12-26

Title

Foxit Quick PDF Library越界内存访问漏洞

Description

Foxit Quick PDF Library是中国福昕（Foxit）软件公司的一款PDF SDK（软件开发工具包）。该产品主要用于创建、渲染和编辑PDF文件。 Foxit Quick PDF Library存在越界内存访问漏洞。攻击者可通过包含无效xref表指针或无效xref表数据的畸形或恶意PDF利用该漏洞导致访问冲突。

Severity

中

Patch Name

Foxit Quick PDF Library越界内存访问漏洞的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://www.foxitsoftware.com/support/security-bulletins.php

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-20248

Impacted products

Name
Foxit Quick PDF Library <16.12

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-20248"
    }
  },
  "description": "Foxit Quick PDF Library\u662f\u4e2d\u56fd\u798f\u6615\uff08Foxit\uff09\u8f6f\u4ef6\u516c\u53f8\u7684\u4e00\u6b3ePDF SDK\uff08\u8f6f\u4ef6\u5f00\u53d1\u5de5\u5177\u5305\uff09\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u7528\u4e8e\u521b\u5efa\u3001\u6e32\u67d3\u548c\u7f16\u8f91PDF\u6587\u4ef6\u3002\n\nFoxit Quick PDF Library\u5b58\u5728\u8d8a\u754c\u5185\u5b58\u8bbf\u95ee\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5305\u542b\u65e0\u6548xref\u8868\u6307\u9488\u6216\u65e0\u6548xref\u8868\u6570\u636e\u7684\u7578\u5f62\u6216\u6076\u610fPDF\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8bbf\u95ee\u51b2\u7a81\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.foxitsoftware.com/support/security-bulletins.php",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-26511",
  "openTime": "2018-12-26",
  "patchDescription": "Foxit Quick PDF Library\u662f\u4e2d\u56fd\u798f\u6615\uff08Foxit\uff09\u8f6f\u4ef6\u516c\u53f8\u7684\u4e00\u6b3ePDF SDK\uff08\u8f6f\u4ef6\u5f00\u53d1\u5de5\u5177\u5305\uff09\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u7528\u4e8e\u521b\u5efa\u3001\u6e32\u67d3\u548c\u7f16\u8f91PDF\u6587\u4ef6\u3002\r\n\r\nFoxit Quick PDF Library\u5b58\u5728\u8d8a\u754c\u5185\u5b58\u8bbf\u95ee\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5305\u542b\u65e0\u6548xref\u8868\u6307\u9488\u6216\u65e0\u6548xref\u8868\u6570\u636e\u7684\u7578\u5f62\u6216\u6076\u610fPDF\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8bbf\u95ee\u51b2\u7a81\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Foxit Quick PDF Library\u8d8a\u754c\u5185\u5b58\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Foxit Quick PDF Library \u003c16.12"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-20248",
  "serverity": "\u4e2d",
  "submitTime": "2018-12-25",
  "title": "Foxit Quick PDF Library\u8d8a\u754c\u5185\u5b58\u8bbf\u95ee\u6f0f\u6d1e"
}

CVE-2018-20248 (GCVE-0-2018-20248)

Vulnerability from cvelistv5 – Published: 2018-12-24 19:00 – Updated: 2024-08-05 11:58

Summary

In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out of bounds memory access.

Severity

No CVSS data available.

CWE

CWE-787 - Out-of-bounds Write (3.1)

Assigner

checkpoint

References

2 references

URL	Tags
http://www.securityfocus.com/bid/106306	vdb-entryx_refsource_BID
https://www.foxitsoftware.com/support/security-bu…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
n/a	Foxit Quick PDF Library	Affected: All versions prior to 16.12

Date Public

2018-12-24 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:58:18.792Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "106306",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106306"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Foxit Quick PDF Library",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 16.12"
            }
          ]
        }
      ],
      "datePublic": "2018-12-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out of bounds memory access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write (3.1)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-26T10:57:02.000Z",
        "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "shortName": "checkpoint"
      },
      "references": [
        {
          "name": "106306",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106306"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@checkpoint.com",
          "ID": "CVE-2018-20248",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Foxit Quick PDF Library",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions prior to 16.12"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out of bounds memory access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-787: Out-of-bounds Write (3.1)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "106306",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106306"
            },
            {
              "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
              "refsource": "CONFIRM",
              "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
    "assignerShortName": "checkpoint",
    "cveId": "CVE-2018-20248",
    "datePublished": "2018-12-24T19:00:00.000Z",
    "dateReserved": "2018-12-19T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:58:18.792Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-26511

CVE-2018-20248 (GCVE-0-2018-20248)

Tags

Sightings

Nomenclature