Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-2790

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2015-2790
Last Modified 02 Jul 2015 01:28:54
Published 30 Mar 2015 10:59:10
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-2790

Summary

Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image.

Vulnerable Systems

Application

  • Foxitsoftware Enterprise Reader 7.0.6.1126

  • Foxitsoftware Foxit Reader 7.0.6.1126

  • Foxitsoftware Phantompdf 7.0.6.1126

  • Foxitsoftware Reader 7.0.6.1126


References

SECTRACK - 1031877

CONFIRM - http://www.foxitsoftware.com/support/security_bulletins.php#FRD-24

CONFIRM - http://www.foxitsoftware.com/support/security_bulletins.php#FRD-23

SECTRACK - 1031878

MISC - http://protekresearchlab.com/PRL-2015-02/

MISC - http://protekresearchlab.com/prl-2015-01prl-foxit-products-gif-conversion-memory-corruption-vulnerabilities-lzwminimumcodesize/

OSVDB - 119303

OSVDB - 119302

EXPLOIT-DB - 36335

EXPLOIT-DB - 36334


Last Updated: 27 May 2016 11:09:06