Foxit Products GIF Conversion Memory Corruption Vulnerabilities (LZWMinimumCodeSize)

vendor:

Foxit Reader

by:

Francis Provencher

7.8

CVSS

HIGH

Memory Corruption

125

CWE

Product Name: Foxit Reader

Affected Version From: Foxit Reader 7.x

Affected Version To: Foxit Reader 7.x

Patch Exists: YES

Related CWE: SA63346

CPE: a:foxitsoftware:foxit_reader

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2015

Foxit Products GIF Conversion Memory Corruption Vulnerabilities (LZWMinimumCodeSize)

An error when handling LZWMinimumCodeSize can be exploited to cause memory corruption via a specially crafted GIF file.

Mitigation:

Foxit fixed the issue and released fixed version of Foxit Reader 7.1/Foxit Enterprise Reader 7.1/Foxit PhantomPDF7.1.

Source

Exploit-DB raw data:

#####################################################################################

Application:   Foxit Products GIF Conversion Memory Corruption Vulnerabilities (LZWMinimumCodeSize)

Platforms:   Windows

Versions:   The vulnerability is confirmed in version Foxit Reader 7.x. Other versions may also be affected.

Secunia:   SA63346

{PRL}:   2015-01

Author:   Francis Provencher (Protek Research Lab’s)

Website:   http://www.protekresearchlab.com/

Twitter:   @ProtekResearch

#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) POC

#####################################################################################

===============
1) Introduction
===============

 

Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.[3] Early versions of Foxit Reader were notable for startup performance and small file size.[citation needed] Foxit has been compared favorably toAdobe Reader.[4][5][6] The Windows version allows annotating and saving unfinished PDF forms, FDF import/export, converting to text, highlighting and drawing.

(http://en.wikipedia.org/wiki/Foxit_Reader)

#####################################################################################

============================
2) Report Timeline
============================

2015-02-17: Francis Provencher from Protek Research Lab’s found the issue;
2015-02-21: Foxit Security Response Team confirmed the issue;
2015-02-21: Foxit fixed the issue;
2015-03-09: Foxit released fixed version of Foxit Reader 7.1/Foxit Enterprise Reader 7.1/Foxit PhantomPDF7.1.

#####################################################################################

============================
3) Technical details
============================

An error when handling LZWMinimumCodeSize can be exploited to cause memory corruption via a specially crafted GIF file.

#####################################################################################

===========

4) POC

===========

http://protekresearchlab.com/exploits/PRL-2015-01.gif
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/36334.gif


###############################################################################