vulnerability
Foxit Reader: CVE-2017-14694: Improper Restriction of Operations within the Bounds of a Memory Buffer
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:P/I:P/A:P) | Sep 22, 2017 | Jan 24, 2020 | May 4, 2026 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
Sep 22, 2017
Added
Jan 24, 2020
Modified
May 4, 2026
Description
Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f.".
Solution
foxit_reader-update-latest
References
- CVE-2017-14694
- https://attackerkb.com/topics/CVE-2017-14694
- http://www.securityfocus.com/bid/101009
- http://www.securitytracker.com/id/1040038
- https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14694
- https://www.foxitsoftware.com/support/security-bulletins.php
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2017-6193
- CWE-119
- EUVD-EUVD-2017-6193
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.