Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Key Information

Advisory ID: ZDI-18-749, ZDI-CAN-6221
CVE ID: CVE-2018-14289
CVSS Score: 4.3, AV:N/AC:M/Au:N/C:P/I:N/A:N
Affected Vendor: Foxit
Affected Product: Reader

Vulnerability Details

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability by visiting a malicious page or opening a malicious file.

The flaw is in the parsing of PDF documents, resulting from improper validation of user-supplied data, causing a read past the end of an allocated object. It can be exploited with other vulnerabilities to execute arbitrary code.

Additional Details

Foxit has released an update to address this vulnerability. For more details, visit:
https://www.foxitsoftware.com/support/security-bulletins.php

Disclosure Timeline

2018-05-16: Vulnerability reported to vendor
2018-07-19: Coordinated public release of advisory
2018-07-19: Advisory Updated

Credit

Anonymous