CVE-2015-3633

2015-05-0115:59:12

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-3633

foxit reader

enterprise reader

phantompdf

denial of service

memory corruption

crash

digital signatures

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.9 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.3%

JSON

Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures.

Affected configurations

NVD

Node

foxitsoftwareenterprise_readerRange≤7.1.3.320

foxitsoftwareenterprise_readerMatch7.1.0.306

foxitsoftwarefoxit_readerRange≤7.1.3.320

foxitsoftwarefoxit_readerMatch7.1.0.306

foxitsoftwarephantompdfRange≤7.1.3.320

foxitsoftwarephantompdfMatch7.1.0.306

CPENameOperatorVersion
foxitsoftware:enterprise_readerfoxitsoftware enterprise readerle7.1.3.320
foxitsoftware:enterprise_readerfoxitsoftware enterprise readereq7.1.0.306
foxitsoftware:foxit_readerfoxitsoftware foxit readerle7.1.3.320
foxitsoftware:foxit_readerfoxitsoftware foxit readereq7.1.0.306
foxitsoftware:phantompdffoxitsoftware phantompdfle7.1.3.320
foxitsoftware:phantompdffoxitsoftware phantompdfeq7.1.0.306

CPE	Name	Operator	Version
foxitsoftware:enterprise_reader	foxitsoftware enterprise reader	le	7.1.3.320
foxitsoftware:enterprise_reader	foxitsoftware enterprise reader	eq	7.1.0.306
foxitsoftware:foxit_reader	foxitsoftware foxit reader	le	7.1.3.320
foxitsoftware:foxit_reader	foxitsoftware foxit reader	eq	7.1.0.306
foxitsoftware:phantompdf	foxitsoftware phantompdf	le	7.1.3.320
foxitsoftware:phantompdf	foxitsoftware phantompdf	eq	7.1.0.306