CVE-2015-2790

Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image.

Published: Mar 30, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-2790
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
foxitsoftware / enterprise_reader	-	7.0.6.1126.x
foxitsoftware / foxit_reader	-	7.0.6.1126.x
foxitsoftware / phantompdf	-	7.0.6.1126.x

http://protekresearchlab.com/prl-2015-01prl-foxit-products-gif-conversion-memory-corruption-vulnerabilities-lzwminimumcodesize/
http://protekresearchlab.com/PRL-2015-02/
http://securitytracker.com/id/1031878
http://www.exploit-db.com/exploits/36334
http://www.exploit-db.com/exploits/36335
http://www.foxitsoftware.com/support/security_bulletins.php#FRD-23
http://www.foxitsoftware.com/support/security_bulletins.php#FRD-24
http://www.osvdb.org/119302
http://www.osvdb.org/119303
http://www.securityfocus.com/bid/73430
http://www.securitytracker.com/id/1031877

Vulnerability Database

289,697

CVE-2015-2790