Security bulletins

A prompt response to software defects and security vulnerabilities has been, and will continue to be, a top priority for everyone here at Foxit Software. Even though threats are a fact of life, we are proud to support the most robust PDF solutions on the market. Here is information on some enhancements that make our software even more robust.

Please click here to report a potential security vulnerability.

Foxit© Reader is a fast, secure and inexpensive way to view PDF files. Over 400 million people have already made the switch to Foxit Reader. If you are not already using Foxit to manage all your PDFs, we encourage you to upgrade today. The latest version of Foxit Reader is available on our website: https://www.foxitsoftware.com/products/pdf-reader/.

At the core of Foxit Reader is a secure processing engine that also powers platforms such as Google Chrome, Google Gmail and Amazon Kindle. Billions of people exchange sensitive information over these platforms and do so confidently.

Even in the face of continual threats from hackers and other criminals, Foxit Reader is secure enough to withstand any cybersecurity attack. It is important, therefore, that you use authentic Foxit Software.

Some of our customers find it more convenient to download Foxit Reader from one of our partner sites. No matter where you are downloading our software from, be sure to confirm that Foxit Software Incorporated is identified as the verified publisher when the User Account Control popup window appears (see figure 1 below). The Foxit logo should also be included in the window.

Figure 1: User Account Control popup window confirming authenticity of Foxit Reader software download

If you have previously downloaded Foxit Reader and are unsure about the authenticity of your reader, follow these steps:

  1. Double click on the install directory and locate the FoxitReader.exe file
  2. Right click on the .exe file and select Properties
  3. In the FoxitReader Properties Window, choose the Digital Signatures tab and check that the file is signed by Foxit Software Incorporated (see figure 2 below).

Figure 2: Digital Signature Details popup window confirming authenticity of Foxit Reader software installation
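
The Properties > Digital Signatures check above can also be scripted. This is an added example, not Foxit's own code: the function name Test-PublisherSignature is hypothetical, the caller supplies the path to FoxitReader.exe, and the default version threshold is the Foxit Reader for Windows "affected" build from the August 8, 2016 bulletin on this page, on the assumption that the file version of FoxitReader.exe tracks the product build.

```powershell
# Added example: scripted form of the manual digital-signature check.
# Test-PublisherSignature is a hypothetical helper name, not a Foxit tool.
function Test-PublisherSignature {
    param(
        # Full path to the installed FoxitReader.exe (supplied by the caller).
        [Parameter(Mandatory = $true)][string]$Path,
        # Publisher name the bulletin tells users to look for.
        [string]$ExpectedPublisher = 'Foxit Software Incorporated',
        # Last affected Reader for Windows build per the August 8, 2016 bulletin.
        # Assumption: the EXE file version matches the product build number.
        [version]$LastAffected = '8.0.0.624'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Authenticode verification: the file hash must match the signature and
    # the certificate chain must end in a root this machine trusts.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Common name of the signing certificate, or $null for an unsigned file.
    $signer = $null
    if ($sig.SignerCertificate) {
        $signer = $sig.SignerCertificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
            $false)
    }

    # Build a comparable version from the numeric parts of the file version.
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    $fileVersion = New-Object System.Version -ArgumentList `
        $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart

    # The name alone proves nothing: a certificate carrying the expected name
    # but failing validation shows up here as a status other than Valid.
    # Both SignatureValid and PublisherMatches must be true.
    [pscustomobject]@{
        Path             = $Path
        SignatureStatus  = $sig.Status.ToString()
        StatusMessage    = $sig.StatusMessage
        Signer           = $signer
        SignatureValid   = ($sig.Status -eq 'Valid')
        PublisherMatches = ($signer -eq $ExpectedPublisher)
        FileVersion      = $fileVersion
        NeedsUpdate      = ($fileVersion -le $LastAffected)
    }
}

# Usage (placeholder path; substitute the real install directory):
# Test-PublisherSignature -Path 'C:\path\to\FoxitReader.exe' | Format-List
```

A result with SignatureValid or PublisherMatches set to False means the binary should not be trusted; NeedsUpdate set to True means the installed build falls in the affected range and should be updated.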

Don't expose yourself to security risks; use only genuine Foxit Software.

Please don't hesitate to contact us if you have any questions: security-ml@foxitsoftware.com.

Security updates available in Foxit Reader for Windows 8.0.2, Foxit Reader for Mac/Linux 2.1, and Foxit PhantomPDF 8.0.2

 

Release date: August 8, 2016

Platform: Windows, Mac OS X, Linux

Summary

Foxit has released Foxit Reader for Windows 8.0.2, Foxit Reader for Mac/Linux 2.1, and Foxit PhantomPDF 8.0.2, which address security and stability issues.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 8.0.0.624 and earlier | Windows |
| Foxit Reader | 2.0.0.0625 and earlier | Mac OS X |
| Foxit Reader | 1.1.1.0602 and earlier | Linux |
| Foxit PhantomPDF | 8.0.1.628 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, click on “Check for Updates (Now)” and update to the latest version.
  • Click here to download the updated version of Foxit Reader from our website.
  • Click here to download the updated version of Foxit PhantomPDF from our website. Note that purchasing a license may be necessary to use PhantomPDF beyond the trial period.

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could be exposed to a TIFF Parsing Out-of-Bounds Read/Write vulnerability, which could be leveraged by attackers to execute remote code or leak information.

Ke Liu of Tencent’s Xuanwu LAB
Steven Seeley of Source Incite
5206560A306A2E085A437FD258EB57CE working with Trend Micro's Zero Day Initiative
Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a Use-After-Free vulnerability when attempting to parse malformed FlateDecode Streams, which could be leveraged by attackers to leak sensitive information or execute remote code.

Rocco Calvi and Steven Seeley of Source Incite

Addressed potential issues where the application could be exposed to an Out-Of-Bounds Read/Write vulnerability when parsing JPEG2000 files, which could be leveraged by attackers to leak information or execute remote code.

kdot working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a memory corruption vulnerability when parsing JPEG2000 files, which could cause remote code execution.

Ke Liu of Tencent’s Xuanwu LAB

Addressed a potential issue where the application could be exposed to a DLL hijacking vulnerability that could allow an unauthenticated remote attacker to execute arbitrary code on the targeted system.

Himanshu Mehta

Addressed potential issues where the application could be exposed to a JPXDecode Out-of-Bounds Read/Write vulnerability when processing specially crafted PDF files with malformed JPXDecode streams, which could cause information leak or remote code execution (CVE-2016-6867).

Steven Seeley of Source Incite
Kai Lu of Fortinet's FortiGuard Labs

Addressed a potential issue where the application could be exposed to an Out-of-Bounds Read vulnerability when processing specially crafted BMP files, which could cause information leak.

Steven Seeley of Source Incite
5206560A306A2E085A437FD258EB57CE working with Trend Micro's Zero Day Initiative

Addressed potential memory corruption vulnerabilities which could cause the application to crash unexpectedly (CVE-2016-6868).

Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
Kai Lu of Fortinet's FortiGuard Labs

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader and Foxit PhantomPDF 8.0

 

Release date: June 27, 2016

Platform: Windows

Summary

Foxit has released Foxit Reader and Foxit PhantomPDF 8.0, which address security and stability issues.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 7.3.4.311 and earlier | Windows |
| Foxit PhantomPDF | 7.3.4.311 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, click on “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader from our website.
  • Click here to download the updated version of Foxit PhantomPDF from our website. Note that purchasing a license may be necessary to use PhantomPDF beyond the trial period.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where the application could be exposed to a Use-After-Free Remote Code Execution vulnerability when opening an XFA file whose layout direction is set as “lr-tb”.

Rocco Calvi

Addressed a potential issue where the application could be exposed to a FlateDecode Use-After-Free Remote Code Execution vulnerability when parsing the inline image in certain PDF files (CVE-2016-6168).

Steven Seeley of Source Incite, working with Trend Micro's Zero Day Initiative
Kushal Arvind Shah of Fortinet's FortiGuard Labs

Addressed a potential issue where the application could be exposed to a Safe Mode Bypass Information Disclosure vulnerability when handling SWF content that is embedded in a PDF file, which could be leveraged by attackers to access user’s local files or remote resources.

Björn Ruytenberg working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to an exportData Restrictions Bypass Remote Code Execution vulnerability, which could be leveraged by attackers to execute a malicious file.

insertscript working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a ConvertToPDF TIFF Parsing Out-of-Bounds Write Remote Code Execution vulnerability when converting certain TIFF file to PDF file.

Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a JPEG Parsing Out-of-Bounds Read Information Disclosure vulnerability when converting a JPEG file that contains incorrect EXIF data to PDF file.

AbdulAziz Hariri - Trend Micro Zero Day Initiative working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a JPEG Parsing Out-of-Bounds Read Information Disclosure vulnerability when parsing a JPEG image with corrupted color component in a PDF file.

kdot working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a ConvertToPDF GIF Parsing Out-of-Bounds Write Remote Code Execution vulnerability when converting certain GIF file to PDF file.

kdot working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a ConvertToPDF BMP Parsing Out-of-Bounds Write Remote Code Execution vulnerability or a ConvertToPDF BMP Parsing Out-of-Bounds Read Information Disclosure vulnerability when converting a BMP file to PDF file.

kdot and anonymous working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to an Out-of-Bounds Read vulnerability which could be leveraged by attackers to execute remote code under the context of the current process.

Ke Liu of Tencent’s Xuanwu LAB

Addressed a potential issue where the application could be exposed to a Heap Buffer Overflow Remote Code Execution vulnerability when processing specially crafted TIFF files with large SamplesPerPixel values.

Steven Seeley of Source Incite

Addressed a potential issue where the application could be exposed to a Stack Buffer Overflow Remote Code Execution vulnerability when parsing an unusually long GoToR string.

Abdul-Aziz Hariri of Trend Micro Zero Day Initiative, working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could crash unexpectedly when parsing a PDF file that contains messy code in its image description.

Rocco Calvi and Steven Seeley of Source Incite, working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a Pattern Uninitialized Pointer Remote Code Execution vulnerability when processing a stretched image in certain PDF files.

Steven Seeley of Source Incite, working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a Heap Overflow vulnerability when parsing the content of a PDF file containing incorrect Bezier data (CVE-2016-6169).

Kai Lu of Fortinet's FortiGuard Labs

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader for Linux 1.1.1

 

Release date: June 12, 2016

Platform: Linux

Summary

Foxit has released Foxit Reader for Linux 1.1.1, which addresses security and stability issues.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 1.1.0.0225 and earlier | Linux |

Solution

Update your application to the latest version by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, click on “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version of Foxit Reader from our website.

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could crash unexpectedly due to memory corruption or invalid read when opening a specially crafted PDF file, which could be leveraged by attackers to execute a controlled crash.

Mateusz Jurczyk of Google Project Zero

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit PhantomPDF 7.3.9

 

Release date: August 22, 2016

Platform: Windows

Summary

Foxit has released Foxit PhantomPDF 7.3.9, which addresses security vulnerabilities that could potentially allow an attacker to execute remote code.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit PhantomPDF | 7.3.4.311 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could be exposed to a TIFF Parsing Out-of-Bounds Read/Write vulnerability, which could be leveraged by attackers to execute remote code or leak information.

Ke Liu of Tencent’s Xuanwu LAB
Steven Seeley of Source Incite
5206560A306A2E085A437FD258EB57CE working with Trend Micro's Zero Day Initiative
Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a Use-After-Free vulnerability when attempting to parse malformed FlateDecode Streams, which could be leveraged by attackers to leak sensitive information or execute remote code.

Rocco Calvi and Steven Seeley of Source Incite

Addressed potential issues where the application could be exposed to an Out-Of-Bounds Read/Write vulnerability when parsing JPEG2000 files, which could be leveraged by attackers to leak information or execute remote code.

kdot working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a memory corruption vulnerability when parsing JPEG2000 files, which could cause remote code execution.

Ke Liu of Tencent’s Xuanwu LAB

Addressed a potential issue where the application could be exposed to a DLL hijacking vulnerability that could allow an unauthenticated remote attacker to execute arbitrary code on the targeted system.

Himanshu Mehta

Addressed potential issues where the application could be exposed to a JPXDecode Out-of-Bounds Read/Write vulnerability when processing specially crafted PDF files with malformed JPXDecode streams, which could cause information leak or remote code execution (CVE-2016-6867).

Steven Seeley of Source Incite
Kai Lu of Fortinet's FortiGuard Labs

Addressed a potential issue where the application could be exposed to an Out-of-Bounds Read vulnerability when processing specially crafted BMP files, which could cause information leak.

Steven Seeley of Source Incite
5206560A306A2E085A437FD258EB57CE working with Trend Micro's Zero Day Initiative

Addressed potential memory corruption vulnerabilities which could cause the application to crash unexpectedly (CVE-2016-6868).

Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
Kai Lu of Fortinet's FortiGuard Labs

Addressed a potential issue where the application could be exposed to a Use-After-Free Remote Code Execution vulnerability when opening an XFA file whose layout direction is set as “lr-tb”.

Rocco Calvi

Addressed a potential issue where the application could be exposed to a FlateDecode Use-After-Free Remote Code Execution vulnerability when parsing the inline image in certain PDF files (CVE-2016-6168).

Steven Seeley of Source Incite, working with Trend Micro's Zero Day Initiative
Kushal Arvind Shah of Fortinet's FortiGuard Labs

Addressed a potential issue where the application could be exposed to a Safe Mode Bypass Information Disclosure vulnerability when handling SWF content that is embedded in a PDF file, which could be leveraged by attackers to access user’s local files or remote resources.

Björn Ruytenberg working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to an exportData Restrictions Bypass Remote Code Execution vulnerability, which could be leveraged by attackers to execute a malicious file.

insertscript working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a ConvertToPDF TIFF Parsing Out-of-Bounds Write Remote Code Execution vulnerability when converting certain TIFF file to PDF file.

Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a JPEG Parsing Out-of-Bounds Read Information Disclosure vulnerability when converting a JPEG file that contains incorrect EXIF data to PDF file.

AbdulAziz Hariri - Trend Micro Zero Day Initiative working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a JPEG Parsing Out-of-Bounds Read Information Disclosure vulnerability when parsing a JPEG image with corrupted color component in a PDF file.

kdot working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a ConvertToPDF GIF Parsing Out-of-Bounds Write Remote Code Execution vulnerability when converting certain GIF file to PDF file.

kdot working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a ConvertToPDF BMP Parsing Out-of-Bounds Write Remote Code Execution vulnerability or a ConvertToPDF BMP Parsing Out-of-Bounds Read Information Disclosure vulnerability when converting a BMP file to PDF file.

kdot and anonymous working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to an Out-of-Bounds Read vulnerability which could be leveraged by attackers to execute remote code under the context of the current process.

Ke Liu of Tencent’s Xuanwu LAB

Addressed a potential issue where the application could be exposed to a Heap Buffer Overflow Remote Code Execution vulnerability when processing specially crafted TIFF files with large SamplesPerPixel values.

Steven Seeley of Source Incite

Addressed a potential issue where the application could be exposed to a Stack Buffer Overflow Remote Code Execution vulnerability when parsing an unusually long GoToR string.

Abdul-Aziz Hariri of Trend Micro Zero Day Initiative, working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could crash unexpectedly when parsing a PDF file that contains messy code in its image description.

Rocco Calvi and Steven Seeley of Source Incite, working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a Pattern Uninitialized Pointer Remote Code Execution vulnerability when processing a stretched image in certain PDF files.

Steven Seeley of Source Incite, working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a Heap Overflow vulnerability when parsing the content of a PDF file containing incorrect Bezier data (CVE-2016-6169).

Kai Lu of Fortinet's FortiGuard Labs

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader and Foxit PhantomPDF 7.3.4

 

Release date: March 16, 2016

Platform: Windows

Summary

Foxit has released Foxit Reader and Foxit PhantomPDF 7.3.4, which address security vulnerabilities that could potentially allow an attacker to execute remote code.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 7.3.0.118 and earlier | Windows |
| Foxit PhantomPDF | 7.3.0.118 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where the application could still use the pointer after the object it pointed to had been removed, which could cause an application crash.

Mateusz Jurczyk, Google Project Zero

Addressed a potential issue where the application could crash because of an error in parsing a malformed content stream.

Ke Liu of Tencent’s Xuanwu LAB

Addressed a potential issue where the application recursively called the format error of some PDFs and led to no response when opening the PDF.

Ke Liu of Tencent’s Xuanwu LAB

Addressed a potential issue where the application could not parse the image content in the document normally.

Jaanus Kp, Clarified Security, working with Trend Micro's Zero Day Initiative (ZDI)

Addressed a potential issue where the destructor of the object whose generation number is -1 in the PDF file could release the file handle which had been imported by the application layer.

Mario Gomes(@NetFuzzer), working with Trend Micro's Zero Day Initiative (ZDI)

Addressed a potential issue where the application could crash because of an error in decoding corrupted images during PDF conversion with the gflags app enabled.

AbdulAziz Hariri, working with Trend Micro's Zero Day Initiative (ZDI)

Addressed a potential issue where XFA’s underlying data failed to synchronize with that of PhantomPDF/Reader caused by the re-layout underlying XFA.

kdot, working with Trend Micro's Zero Day Initiative (ZDI)

Addressed a potential issue where the application could call JavaScripts to do Save As or Print when closing the document.

AbdulAziz Hariri, working with Trend Micro's Zero Day Initiative (ZDI)

Addressed a potential issue where the TimeOut function responded incorrectly and could cause the application to crash.

AbdulAziz Hariri, working with Trend Micro's Zero Day Initiative (ZDI)

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader and Foxit PhantomPDF 7.3

 

Release date: Jan. 20, 2016

Platform: Windows

Summary

Foxit has released Foxit Reader and Foxit PhantomPDF 7.3, which address security vulnerabilities that could potentially allow an attacker to execute remote code.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 7.2.8.1124 and earlier | Windows |
| Foxit PhantomPDF | 7.2.2.929 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where the application could be exposed to the Font Parsing Use-After-Free Remote Code Execution Vulnerability.

Mario Gomes(@NetFuzzer), working with HP's Zero Day Initiative

Addressed a potential issue where the application could be exposed to the Global setPersistent Use-After-Free Remote Code Execution Vulnerability.

AbdulAziz Hariri, HPE Zero Day Initiative, working with HP's Zero Day Initiative

Addressed a potential issue where the application could be exposed to the WillClose Action Use-After-Free Remote Code Execution Vulnerability.

AbdulAziz Hariri, HPE Zero Day Initiative, working with HP's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a remote code execution vulnerability when opening certain PDF files with images.

Rocco Calvi, working with HP's Zero Day Initiative

Addressed a potential issue where the application could be exposed to XFA FormCalc Replace Integer Overflow Vulnerability.

HPE Zero Day Initiative, working with HP's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Remote Code Execution Vulnerability due to JBIG2 Out-of-Bounds Read.

kdot, working with HP's Zero Day Initiative

Addressed a potential issue where the application could crash unexpectedly when parsing certain PDF files that contain malformed images.

Francis Provencher, COSIG

Addressed a potential issue where the application could crash unexpectedly when converting certain image with incorrect image data.

kdot, working with HP's Zero Day Initiative

Addressed a potential Microsoft Windows Gdiplus GpRuntime::GpLock::GpLock Use-After-Free Remote Code Execution Vulnerability.

Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative

Addressed a potential issue where the application could be exposed to DLL hijacking vulnerability when trying to load xpsp2res.dll or phoneinfo.dll.

Ke Liu of Tencent’s Xuanwu LAB

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader and Foxit PhantomPDF 7.2.2

 

Release date: October 8, 2015

Platform: Windows

Summary

Foxit has released Foxit Reader and Foxit PhantomPDF 7.2.2, which fixed some security issues where the application could be exposed to some vulnerabilities or crash unexpectedly.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 7.2.0.722 and earlier | Windows |
| Foxit PhantomPDF | 7.2.0.722 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where attackers could exploit a Foxit Cloud Plugin vulnerability to execute arbitrary code.

Zhipeng Huo of Tencent's Xuanwu Lab

Addressed a potential issue where the application could crash unexpectedly when opening certain secured PDF files.

kdot, working with HP's Zero Day Initiative

Addressed a potential issue where the application could crash unexpectedly when opening a PDF file that contains incorrect gif data while being debugged by GFlags.exe.

Jaanus Kp of Clarified Security, working with HP's Zero Day Initiative

Addressed a potential issue where the application could crash unexpectedly when opening a PDF file that contains incorrect inline image while being debugged by GFlags.exe.

Jaanus Kp of Clarified Security, working with HP's Zero Day Initiative

Addressed a potential issue where the application could be exposed to an Out-of-Bounds Read Vulnerability when opening certain XFA forms.

Jaanus Kp of Clarified Security, working with HP's Zero Day Initiative

Addressed a potential issue where the application could crash unexpectedly when printing certain PDF files.

AbdulAziz Hariri, working with HP's Zero Day Initiative

Addressed a potential issue where the application could crash unexpectedly when saving certain PDF files.

AbdulAziz Hariri, working with HP's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Foxit Cloud Update Service Local Privilege Escalation Vulnerability.

AbdulAziz Hariri and Jasiel Spelman, working with HP's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Use-After-Free Vulnerability when executing print() or referencing App after closing the document.

AbdulAziz Hariri, working with HP's Zero Day Initiative

Addressed a potential issue where the application could crash unexpectedly due to recursive reference.

Guillaume Endignoux of ANSSI

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader and Foxit PhantomPDF 7.2

 

Release date: July 29, 2015

Platform: Windows

Summary

Foxit has released Foxit Reader and Foxit PhantomPDF 7.2, which address security vulnerabilities that could potentially allow an attacker to execute remote code.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 7.1.5.425 and earlier | Windows |
| Foxit Enterprise Reader | 7.1.5.425 and earlier | Windows |
| Foxit PhantomPDF | 7.1.5.425 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where attackers could exploit a PDF creator plugin vulnerability to execute arbitrary code.

Sascha Schirra

Addressed a potential issue where the applications could be exposed to a remote code execution when converting a TIFF file to PDF file.

Steven Seeley of Source Incite, working with HP's Zero Day Initiative

Addressed a potential issue where the applications could be exposed to a remote code execution vulnerability when converting a GIF file to PDF file.

Steven Seeley of Source Incite, working with HP's Zero Day Initiative

Addressed a potential issue where memory corruption may occur when opening certain XFA forms.

Kai Lu of Fortinet's FortiGuard Labs

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit MobilePDF for Android 3.3.2

 

Release date: May 18, 2015

Platform: Android

Summary

Foxit has released Foxit MobilePDF for Android 3.3.2, which addresses a security vulnerability that could potentially allow an attacker to intercept the username and password of the user’s cloud service.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit MobilePDF for Android | 3.3.1 and earlier | Android |
| Foxit MobilePDF Business for Android | 3.3.1 and earlier | Android |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • Click here to download the updated version of Foxit MobilePDF for Android.
  • Click here to download the updated version of Foxit MobilePDF Business for Android.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where credentials of cloud services may be exposed to MITM attackers when users log in to the cloud services from within Foxit MobilePDF.

Sam Bowne

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF 7.1.5

 

Release date: April 24, 2015

Platform: Windows

Summary

Foxit has released Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF 7.1.5, which address security vulnerabilities that could potentially allow an attacker to cause a controlled crash.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 7.1.0.306 and 7.1.3.320 | Windows |
| Foxit Enterprise Reader | 7.1.0.306 and 7.1.3.320 | Windows |
| Foxit PhantomPDF | 7.1.0.306, 7.1.2.311, 7.1.3.320 | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader, Foxit Enterprise Reader, or Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit Enterprise Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Addressed a potential issue where memory corruption may occur when parsing a PDF file that contains an invalid stream. | Francis Provencher of Protek Research Lab's |
| Addressed a potential issue where memory corruption may occur during digital signature verification. | Kai Lu of Fortinet's FortiGuard Labs |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF 7.1

 

Release date: March 9, 2015

Platform: Windows

Summary

Foxit has released Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF 7.1, which address security vulnerabilities that could potentially allow an attacker to execute a malicious file or cause a controlled crash.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 7.0.6.1126 and earlier | Windows |
| Foxit Enterprise Reader | 7.0.6.1126 and earlier | Windows |
| Foxit PhantomPDF | 7.0.6.1126 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader, Foxit Enterprise Reader, or Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit Enterprise Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Addressed a potential issue where attackers could exploit a Foxit Cloud plugin vulnerability to execute malicious files. | Aljaz Ceru of InSec |
| Addressed a potential issue where memory corruption may occur when converting a GIF file with an invalid value in LZWMinimumCodeSize, which could lead to a controlled crash execution. | Francis Provencher of Protek Research Lab's |
| Addressed a potential issue where memory corruption may occur when converting a GIF file with an invalid value in Ubyte Size in its DataSubBlock Structure, which could lead to a controlled crash execution. | Francis Provencher of Protek Research Lab's |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit PDF SDK ActiveX 5.0.2.924

 

Release date: September 29, 2014

Platform: Windows

Summary

Foxit has released Foxit PDF SDK ActiveX 5.0.2.924, which addresses a security vulnerability where applications built on Foxit PDF SDK ActiveX could be exposed to a buffer overflow.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit PDF SDK ActiveX | 2.3 to 5.0.1.820 | Windows |

Solution

Please contact our support team via support@foxitsoftware.com or 1-866-693-6948 (24/7) to upgrade to Foxit PDF SDK ActiveX 5.0.2.924.


Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Addressed a potential issue where applications built on Foxit PDF SDK ActiveX may be exposed to a buffer overflow when invoking the “SetLogFile()” method. | Andrea Micalizzi (rgod), working with Hewlett-Packard's Zero Day Initiative (ZDI) |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF 6.2.1

 

Release date: July 1, 2014

Platform: Windows

Summary

Foxit has released Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF 6.2.1, which address a security vulnerability that could potentially allow an attacker to execute a malicious file.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 6.2.0.429 and earlier | Windows |
| Foxit Enterprise Reader | 6.2.0.429 and earlier | Windows |
| Foxit PhantomPDF | 6.2.0.429 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader, Foxit Enterprise Reader, or Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit Enterprise Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Addressed a potential issue caused by a stored XSS vulnerability when reading and displaying filenames and their paths in the “Recent Documents” section of the Start Page. | Bernardo Rodrigues |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit PDF SDK DLL 3.1.1.5005

 

Release date: March 9, 2015

Platform: Windows

Summary

Foxit has released Foxit PDF SDK DLL 3.1.1.5005, which addresses a security vulnerability that could potentially allow an attacker to execute remote code.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit PDF SDK DLL | 3.1.1.2927 and earlier | Windows |

Solution

Please contact our support team via support@foxitsoftware.com or 1-866-693-6948 (24/7) to upgrade to Foxit PDF SDK DLL 3.1.1.5005.


Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Addressed a potential issue where applications built on Foxit PDF SDK DLL may be exposed to Buffer Overflow Remote Code Execution Vulnerability when invoking “FPDFBookmark_GetTitle()” method. | Hewlett-Packard’s Zero Day Initiative (ZDI) |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 6.1.4

 

Release date: February 19, 2014

Platform: Windows

Summary

Foxit has released Foxit Reader 6.1.4, which addresses a security vulnerability that could potentially allow an attacker to execute a malicious file.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 6.1.2.1224 | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Addressed a potential issue where Foxit Reader tried to load imgseg.dll, which could be exploited. | Hossam Hosam |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 5.4.5 and Foxit PhantomPDF 5.4.3

 

Release date: February 7, 2013

Platform: Windows

Summary

Foxit has released Foxit Reader 5.4.5 and Foxit PhantomPDF 5.4.3, which address a security vulnerability that could potentially allow an attacker to execute arbitrary code.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 5.4.4 and earlier | Windows |
| Foxit PhantomPDF | 5.4.2 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader or Foxit PhantomPDF, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Addressed a potential issue where attackers can exploit a web browser plugin vulnerability to execute arbitrary code. | Secunia |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Advanced PDF Editor 3.0.4.0

 

Release date: January 14, 2013

Platform: Windows

Summary

Foxit has released Foxit Advanced PDF Editor 3.0.4.0, which addresses a security vulnerability that could potentially allow an attacker to execute arbitrary code.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Advanced PDF Editor | 3.0.0.0 | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Addressed a potential issue where hackers can run arbitrary code by repairing a STATUS_STACK_BUFFER_OVERRUN exception. | CERT Coordination Center |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 5.4.3

 

Release date: September 26, 2012

Platform: Windows

Summary

Foxit has released Foxit Reader 5.4.3, which addresses a security vulnerability that could potentially allow an attacker to execute arbitrary code.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 5.4.2.0901 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Addressed a potential issue where the application's insecure loading of libraries could be exploited to attack the application. | Parvez Anwar of Secunia SVCRP |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 5.4

 

Release date: September 6, 2012

Platform: Windows

Summary

Foxit has released Foxit Reader 5.4, which addresses a security vulnerability that could potentially allow an attacker to execute a malicious file.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 5.3.1.0606 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Addressed a potential issue where Foxit Reader may call and run malicious code in a Dynamic Link Library (DLL) file. | Remy Brands |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 5.3

 

Release date: May 3, 2012

Platform: Windows

Summary

Foxit has released Foxit Reader 5.3, which addresses a security vulnerability that could potentially allow an attacker to execute remote code.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 5.1.4.0104 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Addressed an issue where users cannot open the attachments of PDF files in Windows XP and Windows 7. | John Leitch of Microsoft Vulnerability Research |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 5.1.3

 

Release date: December 7, 2011

Platform: Windows

Summary

Foxit has released Foxit Reader 5.1.3, which addresses a security vulnerability that could potentially allow an attacker to cause a controlled crash.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 5.1.0.1021 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Addressed a potential issue caused by an out-of-bounds assignment to an array, which may result in memory corruption vulnerabilities when opening certain PDF files. | Alex Garbutt of iSEC Partners, Inc. |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 5.0.2

 

Release date: July 21, 2011

Platform: Windows

Summary

Foxit has released Foxit Reader 5.0.2, which addresses security vulnerabilities that could potentially allow an attacker to execute arbitrary code.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 5.0 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Addressed a potential issue of arbitrary code execution when opening certain PDF files. | Rob Kraus of Security Consulting Services (SCS) |
| Addressed an issue of Foxit Reader when opening certain PDF files in a web browser. | Dmitriy Pletnev of Secunia Research |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 5.0

 

Release date: May 26, 2011

Platform: Windows

Summary

Foxit has released Foxit Reader 5.0, which addresses a security vulnerability that could potentially allow an attacker to execute malicious code.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 4.3.1.0218 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Addressed an issue of Foxit Reader when opening some affected PDF files. | Brett Gervasoni of Sense of Security Pty Ltd |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 4.3.1.0218

 

Release date: February 24, 2011

Platform: Windows

Summary

Foxit has released Foxit Reader 4.3.1.0218, which addresses a security vulnerability that could potentially allow an attacker to execute remote code.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 4.3 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Addressed an issue in the Foxit Reader software that is caused by illegal memory access. | Secunia Research |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 4.2

 

Release date: September 29, 2010

Platform: Windows

Summary

Foxit has released Foxit Reader 4.2, which addresses a security vulnerability that could potentially allow an attacker to compromise the digital signature.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 4.1 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Addressed a potential identity theft issue caused by a security flaw in the digital signature. | Foxit |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 4.1.1.0805

 

Release date: August 6, 2010

Platform: Windows

Summary

Foxit has released Foxit Reader 4.1.1.0805, which addresses a security vulnerability that could potentially allow an attacker to cause a controlled crash.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 4.0 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Efficiently addressed a potential crash issue caused by the new iPhone/iPad jailbreak program, preventing malicious attacks on your computer. | Foxit |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 4.0.0.0619

 

Release date: June 29, 2010

Platform: Windows

Summary

Foxit has released Foxit Reader 4.0.0.0619, which addresses a security vulnerability that could potentially allow an attacker to cause a controlled crash.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 4.0 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Addressed a potential issue caused by numerical overflow in the FreeType engine when opening some PDF files. | David Seidman of Microsoft and Microsoft Vulnerability Research (MSVR) |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 3.2.1.0401

 

Release date: April 1, 2010

Platform: Windows

Summary

Foxit has released Foxit Reader 3.2.1.0401, which addresses a security vulnerability that could potentially allow an attacker to execute the embedded program inside a PDF.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 3.2.0.0303 | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Addressed a potential issue where Foxit Reader automatically runs an executable program embedded in a PDF without asking for the user's permission. | Didier Stevens |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Firefox Plugin 1.1.2009.1117 for Foxit Reader

 

Release date: November 17, 2009

Platform: Windows

Summary

Foxit has released Firefox Plugin 1.1.2009.1117 for Foxit Reader, which addresses a memory corruption vulnerability.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 3.1.2.1013 and 3.1.2.1030 | Windows |

Solution

  • Click here to download the updated version of Firefox Plugin for Foxit Reader.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Addressed a potential issue caused by an error in the Foxit Reader plugin for Firefox (npFoxitReaderPlugin.dll), which could be exploited to trigger a memory corruption. | Foxit and Secunia |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 3.0 and JPEG2000/JBIG2 Decoder

 

Release date: June 19, 2009

Platform: Windows

Summary

Foxit has released Foxit Reader 3.0 Build 1817 and JPEG2000/JBIG2 Decoder add-on version 2.0 Build 2009.616, which address security vulnerabilities that could potentially result in invalid address access.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 3.0 | Windows |
| JPEG2000/JBIG2 Decoder Add-on | 2.0.2009.303 | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of JPEG2000/JBIG2 Decoder Add-on.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Addressed a potential issue related to a negative stream offset (in a malicious JPEG2000 stream), which caused data to be read from an out-of-bounds address. | CERT |
| Addressed a potential issue related to error handling when decoding a JPEG2000 header, where an uncaught fatal error resulted in a subsequent invalid address access. | CERT |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 3.0 Build 1506

 

Release date: March 9, 2009

Platform: Windows

Summary

Foxit has released Foxit Reader 3.0 Build 1506, which addresses stack-based buffer overflow and security authorization bypass vulnerabilities.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 3.0 | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Addressed a stack-based buffer overflow vulnerability. | Foxit Security Response Team |
| Addressed a security authorization bypass vulnerability. | Foxit Security Response Team |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 2.3 Build 3902

 

Release date: March 9, 2009

Platform: Windows

Summary

Foxit has released Foxit Reader 2.3 Build 3902, which addresses a security authorization bypass vulnerability.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 2.3 | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Addressed a security authorization bypass vulnerability. | Foxit Security Response Team |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in JPEG2000/JBIG Decoder Add-on 2.0.2009.303

 

Release date: March 9, 2009

Platform: Windows

Summary

Foxit has released JPEG2000/JBIG Decoder Add-on 2.0.2009.303, which addresses a JBIG2 symbol dictionary processing vulnerability.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| JPEG2000/JBIG Decoder Add-on | 2.0.2008.715 in Foxit Reader 3.0 and Foxit Reader 2.3 | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version of JPEG2000/JBIG Decoder Add-on.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Addressed a JBIG2 symbol dictionary processing vulnerability. | Secunia |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Ask Toolbar ToolbarSettings ActiveX Control Buffer Overflow

 

The ask.com toolbar that Foxit bundles is not the same version as the one reported on secunia.com and does not have the reported vulnerability.

Click here to check the related report on secunia.com