Foxit Reader PDF Parsing Memory Corruption

vendor:

Foxit Reader

by:

Francis Provencher

7.5

CVSS

HIGH

Memory Corruption

119

CWE

Product Name: Foxit Reader

Affected Version From: Foxit Reader and Foxit Enterprise Reader versions 7.1.0.306 and 7.1.3.320 and Foxit Phantom PDF versions 7.1.0.306, 7.1.2.311, and 7.1.3.320.

Affected Version To: Foxit Reader and Foxit Enterprise Reader versions 7.1.0.306 and 7.1.3.320 and Foxit Phantom PDF versions 7.1.0.306, 7.1.2.311, and 7.1.3.320.

Patch Exists: YES

Related CWE: SA63346

CPE: foxit-reader

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2015

Foxit Reader PDF Parsing Memory Corruption

A memory corruption occured within the LZW algorithm that is used to decode GIF. A specifically crafted GIF could lead to a controled memory corruption.

Mitigation:

Foxit fixed the issue in April 2015

Source

Exploit-DB raw data:

#####################################################################################

Application:   Foxit Reader PDF Parsing  Memory Corruption

Platforms:   Windows

Versions:   The vulnerabilities are reported in Foxit Reader and Foxit Enterprise Reader versions 7.1.0.306 and 7.1.3.320 and Foxit Phantom PDF versions 7.1.0.306, 7.1.2.311, and 7.1.3.320.

Secunia:   SA63346

{PRL}:   2015-05

Author:   Francis Provencher (Protek Research Lab’s)

Website:   http://www.protekresearchlab.com/

Twitter:   @ProtekResearch

#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) POC

#####################################################################################

===============
1) Introduction
===============

Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.[3] Early versions of Foxit Reader were notable for startup performance and small file size.[citation needed] Foxit has been compared favorably toAdobe Reader.[4][5][6] The Windows version allows annotating and saving unfinished PDF forms, FDF import/export, converting to text, highlighting and drawing.

(http://en.wikipedia.org/wiki/Foxit_Reader)

#####################################################################################

============================
2) Report Timeline
============================

2015-04-09: Francis Provencher from Protek Research Lab’s found the issue;
2015-04-13: Foxit Security Response Team confirmed the issue;
2015-04-28: Foxit fixed the issue;
#####################################################################################

============================
3) Technical details
============================

A memory corruption occured within the LZW algorithm that is used to decode GIF. A specifically crafted GIF could lead to a controled memory corruption.

#####################################################################################

===========

4) POC

===========

http://protekresearchlab.com/exploits/PRL-2015-05.pdf
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/36859.pdf


###############################################################################