CPR-Zero: CVE-2018-20248

Information

In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out of bounds memory access.

Crash Dump

None

PoCs

Attached

Attachments:
id_000315_00
OOBRAF_id_000262_00.pdf
OOBR_id_000011_00.pdf
OOBR_id_000333_00.pdf
RESERVED_id_000111_00.pdf
Unalloc_id_000224_00.pdf
Unalloc_id_000314_00.pdf

References:
https://www.foxitsoftware.com/support/security-bulletins.php

Share this: