CVE-2016-8334 MEDIUM

CVE-2016-8334

Vendor Foxit Software
Product Foxit Reader
Published January 6, 2017
Last update August 6, 2024

CVSS base score

6.8/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H

What the vulnerability does

01Description

A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR.

Key dates

02Disclosure timeline

January 6, 2017 CVE published
August 6, 2024 Record updated