CVE-2017-17557

Severity CVSS v4.0:
Pending analysis
Type:
CWE-119 Buffer Errors
Publication date:
24/04/2018
Last modified:
05/06/2018

Description

In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to execute code in the context of the current process.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:foxitsoftware:foxit_reader:*:*:*:*:*:*:*:* 9.1 (excluding)
cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:*:*:* 9.1 (excluding)