Foxit PhantomPDF < 7.3.13 Multiple Vulnerabilities
High Nessus Plugin ID 119835
SynopsisA PDF toolkit installed on the remote Windows host is affected by multiple vulnerabilities.
DescriptionAccording to its version, the Foxit PhantomPDF application (formally known as Phantom) installed on the remote Windows host is prior to 7.3.13. It is, therefore, affected by multiple vulnerabilities:
- Arbitrary Write supporting remote code execution.
- Use-After-Free resulting in remote code execution.
- Out-of-Bounds Read leading to information disclosure.
- Use-Before-Initialization resulting in an unexpected crash.
- Null Pointer Read or Null Pointer Deference creating an unexpected crash.
SolutionUpgrade to Foxit PhantomPDF version 7.3.13 or later.