CVE-2018-20248 - OpenCVE

In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out of bounds memory access.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Foxitsoftware	Quick Pdf Library

Configuration 1 [-]

cpe:2.3:a:foxitsoftware:quick_pdf_library:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/106306
https://www.foxitsoftware.com/support/security-bulletins.php

History

No history.

MITRE

Status: PUBLISHED

Assigner: checkpoint

Published: 2018-12-24T19:00:00

Updated: 2024-08-05T11:58:18.792Z

Reserved: 2018-12-19T00:00:00

Link: CVE-2018-20248

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-12-24T18:29:00.350

Modified: 2019-10-09T23:39:35.790

Link: CVE-2018-20248

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Foxit Quick PDF Library", "vendor": "n/a", "versions": [{"status": "affected", "version": "All versions prior to 16.12"}]}], "datePublic": "2018-12-24T00:00:00", "descriptions": [{"lang": "en", "value": "In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out of bounds memory access."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write (3.1)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-12-26T10:57:02", "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint"}, "references": [{"name": "106306", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106306"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.foxitsoftware.com/support/security-bulletins.php"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@checkpoint.com", "ID": "CVE-2018-20248", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Foxit Quick PDF Library", "version": {"version_data": [{"version_value": "All versions prior to 16.12"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out of bounds memory access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-787: Out-of-bounds Write (3.1)"}]}]}, "references": {"reference_data": [{"name": "106306", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106306"}, {"name": "https://www.foxitsoftware.com/support/security-bulletins.php", "refsource": "CONFIRM", "url": "https://www.foxitsoftware.com/support/security-bulletins.php"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:58:18.792Z"}, "title": "CVE Program Container", "references": [{"name": "106306", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106306"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.foxitsoftware.com/support/security-bulletins.php"}]}]}, "cveMetadata": {"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "assignerShortName": "checkpoint", "cveId": "CVE-2018-20248", "datePublished": "2018-12-24T19:00:00", "dateReserved": "2018-12-19T00:00:00", "dateUpdated": "2024-08-05T11:58:18.792Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:foxitsoftware:quick_pdf_library:*:*:*:*:*:*:*:*", "matchCriteriaId": "7755DB64-8892-44BE-9CC1-664DF7830F19", "versionEndExcluding": "16.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out of bounds memory access."}, {"lang": "es", "value": "En Foxit Quick PDF Library (todas las versiones anteriores a la 16.12), hay un problema al cargar un PDF mal formado o malicioso que contiene punteros o datos de tabla xref inv\u00e1lidos. El uso de las funciones LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile o DAOpenFileReadOnly podr\u00eda resultar en una violaci\u00f3n de acceso provocada por un acceso a la memoria fuera de l\u00edmites."}], "id": "CVE-2018-20248", "lastModified": "2019-10-09T23:39:35.790", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-24T18:29:00.350", "references": [{"source": "cve@checkpoint.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106306"}, {"source": "cve@checkpoint.com", "tags": ["Vendor Advisory"], "url": "https://www.foxitsoftware.com/support/security-bulletins.php"}], "sourceIdentifier": "cve@checkpoint.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "cve@checkpoint.com", "type": "Secondary"}]}