Lucene search
PRIOn knowledge basePRION:CVE-2018-16296HistoryOct 08, 2018 - 4:29 p.m.
Design/Logic Flaw
2018-10-0816:29:00
PRIOn knowledge base
www.prio-n.com
3
0.002 Low
EPSS
Percentile
61.2%
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| phantompdf | le | 9.2.0.9297 | |
| reader | le | 9.2.0.9297 |
Related
nvd
nvd
cvelist
cvelist
cve
cve
prion
prion
Design/Logic Flaw
2018-10-08 16:29:00
Design/Logic Flaw
2018-10-08 16:29:00
Design/Logic Flaw
2018-10-08 16:29:00
openvas
openvas
Foxit Reader < 9.3 Multiple Vulnerabilities - Windows
2018-10-03 00:00:00
Foxit PhantomPDF < 9.3 Multiple Vulnerabilities - Windows
2018-10-03 00:00:00
nessus
nessus
Foxit Reader < 9.3 Multiple Vulnerabilities
2018-10-12 00:00:00
Foxit PhantomPDF < 8.3.8 Multiple Vulnerabilities
2018-11-30 00:00:00
Foxit PhantomPDF < 9.3 Multiple Vulnerabilities
2018-10-12 00:00:00