cvelistv5 - cve-2019-5031

CVE-2019-5031 (GCVE-0-2019-5031)

Vulnerability from cvelistv5 – Published: 2019-10-02 15:55 – Updated: 2024-08-04 19:40

Summary

An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn't handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

Severity ?

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-703 - Improper Check or Handling of Exceptional Conditions

Assigner

talos

References

URL

Tags

https://talosintelligence.com/vulnerability_repor…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Foxit	Affected: Foxit Software Foxit PDF Reader 9.4.1.16828.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:40:49.213Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0793"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Foxit",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Foxit Software Foxit PDF Reader 9.4.1.16828."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software\u0027s Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn\u0027t handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T17:33:03",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0793"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2019-5031",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Foxit",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Foxit Software Foxit PDF Reader 9.4.1.16828."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software\u0027s Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn\u0027t handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 8.8,
            "baseSeverity": "High",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-703: Improper Check or Handling of Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0793",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0793"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2019-5031",
    "datePublished": "2019-10-02T15:55:15",
    "dateReserved": "2019-01-04T00:00:00",
    "dateUpdated": "2024-08-04T19:40:49.213Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"9.4.1.16828\", \"matchCriteriaId\": \"22640335-97F3-4F7D-8814-640E7FC925E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:foxitsoftware:reader:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"9.4.1.16828\", \"matchCriteriaId\": \"8B840A8F-7934-46E0-83E7-A64A712C1783\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software\u0027s Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn\u0027t handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad de corrupci\\u00f3n de memoria explotable en el motor de JavaScript de Foxit PDF Reader del Software Foxit , versi\\u00f3n 9.4.1.16828. Un documento PDF especialmente dise\\u00f1ado puede desencadenar una condici\\u00f3n de falta de memoria que no es manejada apropiadamente, resultando en una ejecuci\\u00f3n de c\\u00f3digo arbitrario. Un atacante necesita enga\\u00f1ar al usuario para que abra el archivo malicioso para activar esta vulnerabilidad. Si la extensi\\u00f3n del plugin del navegador est\\u00e1 habilitada, visitando un sitio malicioso tambi\\u00e9n puede desencadenar la vulnerabilidad.\"}]",
      "id": "CVE-2019-5031",
      "lastModified": "2024-11-21T04:44:12.947",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV30\": [{\"source\": \"talos-cna@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2019-10-02T16:15:14.350",
      "references": "[{\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0793\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0793\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "talos-cna@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"talos-cna@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-703\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-5031\",\"sourceIdentifier\":\"talos-cna@cisco.com\",\"published\":\"2019-10-02T16:15:14.350\",\"lastModified\":\"2024-11-21T04:44:12.947\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software\u0027s Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn\u0027t handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de corrupci\u00f3n de memoria explotable en el motor de JavaScript de Foxit PDF Reader del Software Foxit , versi\u00f3n 9.4.1.16828. Un documento PDF especialmente dise\u00f1ado puede desencadenar una condici\u00f3n de falta de memoria que no es manejada apropiadamente, resultando en una ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante necesita enga\u00f1ar al usuario para que abra el archivo malicioso para activar esta vulnerabilidad. Si la extensi\u00f3n del plugin del navegador est\u00e1 habilitada, visitando un sitio malicioso tambi\u00e9n puede desencadenar la vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-703\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.4.1.16828\",\"matchCriteriaId\":\"22640335-97F3-4F7D-8814-640E7FC925E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:foxitsoftware:reader:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.4.1.16828\",\"matchCriteriaId\":\"8B840A8F-7934-46E0-83E7-A64A712C1783\"}]}]}],\"references\":[{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0793\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0793\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}

GSD-2019-5031

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-5031

Aliases

CVE-2019-5031

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-5031",
    "description": "An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software\u0027s Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn\u0027t handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",
    "id": "GSD-2019-5031"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-5031"
      ],
      "details": "An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software\u0027s Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn\u0027t handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",
      "id": "GSD-2019-5031",
      "modified": "2023-12-13T01:23:54.811902Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "talos-cna@cisco.com",
        "ID": "CVE-2019-5031",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Foxit",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Foxit Software Foxit PDF Reader 9.4.1.16828."
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software\u0027s Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn\u0027t handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": 8.8,
          "baseSeverity": "High",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-703: Improper Check or Handling of Exceptional Conditions"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0793",
            "refsource": "MISC",
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0793"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.4.1.16828",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:foxitsoftware:reader:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.4.1.16828",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2019-5031"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software\u0027s Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn\u0027t handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-770"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0793",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0793"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-06-07T18:40Z",
      "publishedDate": "2019-10-02T16:15Z"
    }
  }
}

FKIE_CVE-2019-5031

Vulnerability from fkie_nvd - Published: 2019-10-02 16:15 - Updated: 2024-11-21 04:44

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	talos-cna@cisco.com	https://talosintelligence.com/vulnerability_reports/TALOS-2019-0793	Exploit, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://talosintelligence.com/vulnerability_reports/TALOS-2019-0793	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	foxitsoftware	phantompdf	*
	foxitsoftware	reader	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "22640335-97F3-4F7D-8814-640E7FC925E7",
              "versionEndIncluding": "9.4.1.16828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foxitsoftware:reader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B840A8F-7934-46E0-83E7-A64A712C1783",
              "versionEndIncluding": "9.4.1.16828",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software\u0027s Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn\u0027t handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de corrupci\u00f3n de memoria explotable en el motor de JavaScript de Foxit PDF Reader del Software Foxit , versi\u00f3n 9.4.1.16828. Un documento PDF especialmente dise\u00f1ado puede desencadenar una condici\u00f3n de falta de memoria que no es manejada apropiadamente, resultando en una ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante necesita enga\u00f1ar al usuario para que abra el archivo malicioso para activar esta vulnerabilidad. Si la extensi\u00f3n del plugin del navegador est\u00e1 habilitada, visitando un sitio malicioso tambi\u00e9n puede desencadenar la vulnerabilidad."
    }
  ],
  "id": "CVE-2019-5031",
  "lastModified": "2024-11-21T04:44:12.947",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "talos-cna@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-02T16:15:14.350",
  "references": [
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0793"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0793"
    }
  ],
  "sourceIdentifier": "talos-cna@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-703"
        }
      ],
      "source": "talos-cna@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2019-AVI-475

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Foxit Reader et 3D Plugin Beta. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Foxit	PDF Reader	Foxit Reader versions antérieures à 9.7
	Foxit	PDF Reader	3D Plugin Beta pour Foxit Reader versions antérieures à 9.7.0.29430

References

Title

Publication Time

Tags

Bulletin de sécurité Foxit du 29 septembre 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Foxit Reader versions ant\u00e9rieures \u00e0 9.7",
      "product": {
        "name": "PDF Reader",
        "vendor": {
          "name": "Foxit",
          "scada": false
        }
      }
    },
    {
      "description": "3D Plugin Beta pour Foxit Reader versions ant\u00e9rieures \u00e0 9.7.0.29430",
      "product": {
        "name": "PDF Reader",
        "vendor": {
          "name": "Foxit",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-5031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5031"
    },
    {
      "name": "CVE-2019-13124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13124"
    },
    {
      "name": "CVE-2019-13123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13123"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-475",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-09-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Foxit Reader et 3D\nPlugin Beta. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Foxit Reader et 3D Plugin Beta",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Foxit du 29 septembre 2019",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    }
  ]
}

CERTFR-2019-AVI-526

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Foxit. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Foxit	N/A	Foxit PhantomPDF Mac versions antérieures à 3.4
	Foxit	N/A	Foxit PhantomPDF versions antérieures à 9.7

References

Title

Publication Time

Tags

Bulletin de sécurité Foxit du 18 octobre 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Foxit PhantomPDF Mac versions ant\u00e9rieures \u00e0 3.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Foxit",
          "scada": false
        }
      }
    },
    {
      "description": "Foxit PhantomPDF versions ant\u00e9rieures \u00e0 9.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Foxit",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-5031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5031"
    },
    {
      "name": "CVE-2019-13124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13124"
    },
    {
      "name": "CVE-2019-17183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17183"
    },
    {
      "name": "CVE-2019-13123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13123"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-526",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-10-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Foxit.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Foxit",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Foxit du 18 octobre 2019",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    }
  ]
}

CERTFR-2019-AVI-526

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Foxit. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Foxit	N/A	Foxit PhantomPDF Mac versions antérieures à 3.4
	Foxit	N/A	Foxit PhantomPDF versions antérieures à 9.7

References

Title

Publication Time

Tags

Bulletin de sécurité Foxit du 18 octobre 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Foxit PhantomPDF Mac versions ant\u00e9rieures \u00e0 3.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Foxit",
          "scada": false
        }
      }
    },
    {
      "description": "Foxit PhantomPDF versions ant\u00e9rieures \u00e0 9.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Foxit",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-5031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5031"
    },
    {
      "name": "CVE-2019-13124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13124"
    },
    {
      "name": "CVE-2019-17183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17183"
    },
    {
      "name": "CVE-2019-13123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13123"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-526",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-10-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Foxit.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Foxit",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Foxit du 18 octobre 2019",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    }
  ]
}

CERTFR-2019-AVI-475

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Foxit	PDF Reader	Foxit Reader versions antérieures à 9.7
	Foxit	PDF Reader	3D Plugin Beta pour Foxit Reader versions antérieures à 9.7.0.29430

References

Title

Publication Time

Tags

Bulletin de sécurité Foxit du 29 septembre 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Foxit Reader versions ant\u00e9rieures \u00e0 9.7",
      "product": {
        "name": "PDF Reader",
        "vendor": {
          "name": "Foxit",
          "scada": false
        }
      }
    },
    {
      "description": "3D Plugin Beta pour Foxit Reader versions ant\u00e9rieures \u00e0 9.7.0.29430",
      "product": {
        "name": "PDF Reader",
        "vendor": {
          "name": "Foxit",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-5031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5031"
    },
    {
      "name": "CVE-2019-13124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13124"
    },
    {
      "name": "CVE-2019-13123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13123"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-475",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-09-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Foxit Reader et 3D\nPlugin Beta. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Foxit Reader et 3D Plugin Beta",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Foxit du 29 septembre 2019",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    }
  ]
}

GHSA-V8Q7-Q2CX-MH43

Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2024-04-04 02:08

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-5031"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-703",
      "CWE-755",
      "CWE-770"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-02T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software\u0027s Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn\u0027t handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",
  "id": "GHSA-v8q7-q2cx-mh43",
  "modified": "2024-04-04T02:08:08Z",
  "published": "2022-05-24T16:57:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5031"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0793"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2020-04111

Vulnerability from cnvd - Published: 2020-02-07

Title

Foxit Reader V8引擎内存破坏漏洞

Description

Foxit Reader是中国福昕（Foxit）公司的一款PDF文档阅读器。V8是其中的一个开源JavaScript引擎。基于Windows平台的Foxit Reader 9.6.0.25114及之前版本中的V8引擎存在安全漏洞。攻击者诱使用户打开构造的PDF文档利用此漏洞，导致任意代码执行。如果启用了浏览器插件，浏览恶意网站也会触发此漏洞。

Severity

中

Patch Name

Foxit Reader V8引擎内存破坏漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.foxitsoftware.com/support/security-bulletins.php

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-5031

Impacted products

Name
Foxit Reader <=9.6.0.25114

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-5031",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-5031"
    }
  },
  "description": "Foxit Reader\u662f\u4e2d\u56fd\u798f\u6615\uff08Foxit\uff09\u516c\u53f8\u7684\u4e00\u6b3ePDF\u6587\u6863\u9605\u8bfb\u5668\u3002V8\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5f00\u6e90JavaScript\u5f15\u64ce\u3002\n\n\u57fa\u4e8eWindows\u5e73\u53f0\u7684Foxit Reader 9.6.0.25114\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u7684V8\u5f15\u64ce\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u8bf1\u4f7f\u7528\u6237\u6253\u5f00\u6784\u9020\u7684PDF\u6587\u6863\u5229\u7528\u6b64\u6f0f\u6d1e\uff0c\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\u5982\u679c\u542f\u7528\u4e86\u6d4f\u89c8\u5668\u63d2\u4ef6\uff0c\u6d4f\u89c8\u6076\u610f\u7f51\u7ad9\u4e5f\u4f1a\u89e6\u53d1\u6b64\u6f0f\u6d1e\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.foxitsoftware.com/support/security-bulletins.php",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-04111",
  "openTime": "2020-02-07",
  "patchDescription": "Foxit Reader\u662f\u4e2d\u56fd\u798f\u6615\uff08Foxit\uff09\u516c\u53f8\u7684\u4e00\u6b3ePDF\u6587\u6863\u9605\u8bfb\u5668\u3002V8\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5f00\u6e90JavaScript\u5f15\u64ce\u3002\r\n\r\n\u57fa\u4e8eWindows\u5e73\u53f0\u7684Foxit Reader 9.6.0.25114\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u7684V8\u5f15\u64ce\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u8bf1\u4f7f\u7528\u6237\u6253\u5f00\u6784\u9020\u7684PDF\u6587\u6863\u5229\u7528\u6b64\u6f0f\u6d1e\uff0c\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\u5982\u679c\u542f\u7528\u4e86\u6d4f\u89c8\u5668\u63d2\u4ef6\uff0c\u6d4f\u89c8\u6076\u610f\u7f51\u7ad9\u4e5f\u4f1a\u89e6\u53d1\u6b64\u6f0f\u6d1e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Foxit Reader V8\u5f15\u64ce\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Foxit Reader \u003c=9.6.0.25114"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-5031",
  "serverity": "\u4e2d",
  "submitTime": "2019-10-09",
  "title": "Foxit Reader V8\u5f15\u64ce\u5185\u5b58\u7834\u574f\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-5031 (GCVE-0-2019-5031)

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature