CVE-2014-4646
medium
CVSS v3
—
CVSS v2
6.8
VIR risk
6.8
Description
Buffer overflow in the FPDFBookmark_GetTitle method in Foxit PDF SDK DLL before 3.1.1.5005 allows context-dependent attackers to execute arbitrary code via unspecified vectors.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — http://www.foxitsoftware.com/support/security_bulletins.php#FRD-20
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| foxitsoftware | foxit_pdf_sdk_dll | up to and including 3.1.1.2927 | |
References
- http://secunia.com/advisories/59494
- http://www.foxitsoftware.com/support/security_bulletins.php#FRD-20
- http://www.zerodayinitiative.com/advisories/ZDI-14-214
CWEs
CWE-119