Lucene search
CeceZDI-21-352HistoryMar 22, 2021 - 12:00 a.m.
Foxit PhantomPDF JPEG2000 Parsing Out-Of Bounds Read Remote Code Execution Vulnerability
2021-03-2200:00:00
cece
www.zerodayinitiative.com
24
vulnerability
remote code execution
foxit phantompdf
jpeg2000
image parsing
user interaction
malicious page
malicious file
validation
user-supplied data
allocated structure
current process
EPSS
0.002
Percentile
55.0%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process.
Related
nessus
nessus
Foxit Reader < 10.1.3 RCE
2021-03-22 00:00:00
Foxit PhantomPDF < 10.1.3 RCE
2021-03-22 00:00:00
prion
prion
Design/Logic Flaw
2021-03-30 15:15:00
cve
cve
CVE-2021-27270
2021-03-30 15:15:16
cvelist
cvelist
CVE-2021-27270
2021-03-30 14:35:37
nvd
nvd
CVE-2021-27270
2021-03-30 15:15:16
kaspersky
kaspersky
KLA12126 ACE vulnerability in Foxit Reader
2021-03-22 00:00:00