NVD Vulnerability Detail

CVE-2015-2790

Summary	Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image.
Publication Date	March 30, 2015, 11:59 p.m.
Registration Date	Jan. 26, 2021, 2:48 p.m.
Last Update	Nov. 21, 2024, 11:28 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:foxitsoftware:enterprise_reader::::::::		7.0.6.1126
cpe:2.3:a:foxitsoftware:foxit_reader::::::::		7.0.6.1126
cpe:2.3:a:foxitsoftware:phantompdf::::::::		7.0.6.1126

Related information, measures and tools

No	URL	タグ
1	http://protekresearchlab.com/prl-2015-01prl-foxit-products-gif-conversion-memory-corruption-vulnerabilities-lzwminimumcodesize/	Exploit
2	http://protekresearchlab.com/prl-2015-01prl-foxit-products-gif-conversion-memory-corruption-vulnerabilities-lzwminimumcodesize/	Exploit
3	http://protekresearchlab.com/PRL-2015-02/	Exploit
4	http://protekresearchlab.com/PRL-2015-02/	Exploit
5	http://securitytracker.com/id/1031878
6	http://securitytracker.com/id/1031878
7	http://www.exploit-db.com/exploits/36334	Exploit
8	http://www.exploit-db.com/exploits/36334	Exploit
9	http://www.exploit-db.com/exploits/36335	Exploit
10	http://www.exploit-db.com/exploits/36335	Exploit
11	http://www.foxitsoftware.com/support/security_bulletins.php#FRD-23
12	http://www.foxitsoftware.com/support/security_bulletins.php#FRD-23
13	http://www.foxitsoftware.com/support/security_bulletins.php#FRD-24
14	http://www.foxitsoftware.com/support/security_bulletins.php#FRD-24
15	http://www.osvdb.org/119302
16	http://www.osvdb.org/119302
17	http://www.osvdb.org/119303
18	http://www.osvdb.org/119303
19	http://www.securityfocus.com/bid/73430
20	http://www.securityfocus.com/bid/73430
21	http://www.securitytracker.com/id/1031877
22	http://www.securitytracker.com/id/1031877

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

JVN Vulnerability Information

複数の Foxit 製品におけるサービス運用妨害 (DoS) の脆弱性

Title	複数の Foxit 製品におけるサービス運用妨害 (DoS) の脆弱性
Summary	Foxit Reader、Foxit Enterprise Reader、および Foxit PhantomPDF には、サービス運用妨害 (メモリ破損およびクラッシュ) 状態にされる脆弱性が存在します。
Possible impacts	第三者により、巧妙に細工された (1) DataSubBlock の構造体の Ubyte Size、または (2) GIF 画像の LZWMinimumCodeSize を介して、サービス運用妨害 (メモリ破損およびクラッシュ) の状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 9, 2015, midnight
Registration Date	April 2, 2015, 6:02 p.m.
Last Update	April 2, 2015, 6:02 p.m.

Affected System

Foxit Software Inc

Foxit Enterprise Reader 7.1 未満

Foxit PhantomPDF 7.1 未満

Foxit Reader 7.1 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2015-2790	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2790
National Vulnerability Database (NVD)
2	CVE-2015-2790	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2790

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
Security bulletins
1	Security updates available for Foxit Reader and Foxit PhantomPDF 7.3.4 (FRD-23)	http://www.foxitsoftware.com/support/security_bulletins.php#FRD-23
2	Security updates available for Foxit Reader and Foxit PhantomPDF 7.3.4 (FRD-24)	http://www.foxitsoftware.com/support/security_bulletins.php#FRD-24

Change Log

No	Changed Details	Date of change
0	[2015年04月02日] 掲載	Feb. 17, 2018, 10:37 a.m.