CVE-2019-5005
First published: Thu Jan 03 2019(Updated: )
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. They allowed Denial of Service (application crash) via image data, because two bytes are written to the end of the allocated memory without judging whether this will cause corruption.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Foxit Reader | <9.4 | |
| Microsoft Windows | ||
| Foxit PhantomPDF | <9.4 | |
| All of | ||
| Foxit Reader | <9.4 | |
| Microsoft Windows | ||
| All of | ||
| Foxit PhantomPDF | <9.4 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-5005?
CVE-2019-5005 is classified as a Denial of Service vulnerability that may cause application crashes.
How do I fix CVE-2019-5005?
To fix CVE-2019-5005, update Foxit Reader or PhantomPDF to version 9.4 or later.
Which software is affected by CVE-2019-5005?
CVE-2019-5005 affects Foxit Reader and PhantomPDF versions before 9.4 on Windows.
What type of vulnerability is CVE-2019-5005?
CVE-2019-5005 is a vulnerability that allows for Denial of Service via improper handling of image data.
Can CVE-2019-5005 cause data loss?
While CVE-2019-5005 primarily causes application crashes, improper conditions could potentially lead to data loss.
- agent/type
- agent/severity
- agent/weakness
- agent/references
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/author
- agent/last-modified-date
- agent/event
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/foxitsoftware
- canonical/foxit reader
- vendor/microsoft
- canonical/microsoft windows
- canonical/foxit phantompdf