CVE-2018-20311: Buffer Overflow
First published: Thu Jan 07 2021(Updated: )
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCPDFAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Foxit PhantomPDF | <8.3.10 | |
| Foxit PhantomPDF | >=9.0<9.5 | |
| Foxit Reader for Windows | <9.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2018-20311.
What software versions are affected by this vulnerability?
Foxit Reader versions before 9.5, PhantomPDF versions before 8.3.10 and 9.x before 9.5 are affected.
What is the severity of CVE-2018-20311?
The severity of CVE-2018-20311 is high with a CVSS score of 8.1.
What is the description of this vulnerability?
The vulnerability in Foxit Reader and PhantomPDF is caused by a race condition that can lead to a stack-based buffer overflow or an out-of-bounds read.
How can I fix the vulnerability in Foxit Reader and PhantomPDF?
To fix the vulnerability, it is recommended to update to the latest version of Foxit Reader (9.5 or above) and PhantomPDF (8.3.10 or above).
- agent/type
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/last-modified-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/foxitsoftware
- canonical/foxit phantompdf
- version/foxit phantompdf/9.0
- canonical/foxit reader for windows