Memory Corruption in Foxit PDF Reader
Foxit PDF Reader (version 1.0.1.0925 for Linux 64-bit) is vulnerable to a memory corruption vulnerability when started with a specially crafted PDF file. An example excerpt from the crash log is as follows: Program received signal SIGSEGV, Segmentation fault. 0x0000000000aab96c in CFX_BaseSegmentedArray::IterateIndex(int, int&, void**, int (*)(void*, void*), void*) const () (gdb) where #0 0x0000000000aab96c in CFX_BaseSegmentedArray::IterateIndex(int, int&, void**, int (*)(void*, void*), void*) const () #1 0x0000000000aab9dc in CFX_BaseSegmentedArray::Iterate(int (*)(void*, void*), void*) const () #2 0x0000000000ab1a99 in CFX_CMapByteStringToPtr::Lookup(CFX_ByteStringC const&, void*&) const () #3 0x00000000007db5df in CPDF_Dictionary::KeyExist(CFX_ByteStringC const&) const () #4 0x000000000070e6a6 in CBMTreeCtrl::GotoBookmark(CPDF_Bookmark, CPDF_Bookmark) () #5 0x000000000070e6e3 in CBMTreeCtrl::GotoBookmark(CPDF_Bookmark, CPDF_Bookmark) () #6 0x000000000070f986 in CBMTreeCtrl::on_ItemExpanded(QTreeWidgetItem*) () #7 0x00007ffff63682a6 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5 #8 0x00007ffff7722612 in QTreeWidget::itemExpanded(QTreeWidgetItem*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5 #9 0x00007ffff63682a6 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5 #10 0x00007ffff76ecc92 in QTreeView::expanded(QModelIndex const&) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5 #11 0x00007ffff76f8903 in QTreeView::expand(QModelIndex const&) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5 #12 0x00007ffff76f8a2f in QTreeView::expand(QModelIndex const&) ()
