Security Vulnerability Fixed in JPEG2000/JBIG Decoder

Fremont, Calif. – Mar. 11, 2009 - A security vulnerability “JBIG2 Symbol Dictionary Processing” in one of the critical add-ons of Foxit Reader 2.3 and 3.0 - JPEG2000/JBIG Decoder version 2.0.2008.715 has been fixed. For Foxit Reader users who have downloaded and used the JPEG2000/JBIG Decoder, please go to "Check for Updates Now" in Reader help menu to update the add-on to the latest version 2.0.2009.303 or click here to download the latest version 2.0.2009.303.

Security Vulnerability Description

While decoding a JBIG2 symbol dictionary segment, an array of 32-bit elements is allocated having a size equal to the number of exported symbols, but left uninitialised if the number of new symbols is zero. The array is later accessed and values from uninitialised memory are used as pointers when reading memory and performing calls.

For more information about the fixed security vulnerability, please visit Foxit security bulletins.


Click here to download the latest Foxit Reader 3.0 now!
Click here to download the latest JPEG2000/JBIG Decoder add-on!