CVE-2018-17781

EUVD-2018-9528
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
foxitsoftwarephantompdf
𝑥
≤ 9.2.0.9297
foxitsoftwarereader
𝑥
≤ 9.2.0.9297
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securitytracker.com/id/1041769
https://www.foxitsoftware.com/support/security-bulletins.php
http://www.securitytracker.com/id/1041769
https://www.foxitsoftware.com/support/security-bulletins.php