CVE-2019-5130

Name
CVE-2019-5130
Description
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
NVD Severity
high

References

| Type | URI |
| --- | --- |
| Exploit | https://talosintelligence.com/vulnerability_reports/TALOS-2019-0935 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:*:*:* | phantompdf | >= None | <= 9.7.0.29435 |
| cpe:2.3:a:foxitsoftware:reader:*:*:*:*:*:*:*:* | reader | >= None | <= 9.7.0.29435 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| reader | 3.19-community | 0.4.4-r4 | Adam Thiede <me@adamthiede.com> | possibly vulnerable |
| reader | 3.20-community | 0.4.5-r0 | Adam Thiede <me@adamthiede.com> | possibly vulnerable |
| reader | edge-community | 0.4.5-r0 | Adam Thiede <me@adamthiede.com> | possibly vulnerable |