Severity Rating: MEDIUM
Foxit Reader 10.1.0.37527 and earlier
Foxit PhantomPDF 10.1.0.37527 and earlier
Multiple vulnerabilities has been reported in Foxit Reader and Foxit
Phantom PDF for windows where a null pointer access/dereference while
opening a crafted PDF file lead to application crash and DoS.
The application could be exposed to Denial of Service vulnerability and
crash when opening certain PDF files that contained illegal value in the
/Size entry of the Trail dictionary. This occurs due to the array overflow
as the illegal value in the /Size entry causes an error in initializing the
array size for storing the compression object streams, and an object number
which is larger than the initialization value is used as the array index
while parsing the cross-reference streams.
Successful exploitation of this vulnerability could allow the attacker to
cause denial-of-service in Foxit Reader and Foxit Phantom PDF.
Apply appropriate fix as mentioned in Foxit Advisory