CVE-2008-1942 - Vulnerability Details - OpenCVE

Foxit Reader 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with (1) a malformed ExtGState resource containing a /Font resource, or (2) an XObject resource with a Rotate setting, which triggers memory corruption. NOTE: this is probably a different vulnerability than CVE-2007-2186.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Foxit Software	Reader

Configuration 1 [-]

cpe:2.3:a:foxit_software:reader:2.2:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/29934
http://www.securityfocus.com/bid/28890
http://www.vallejo.cc/proyectos/foxitreader1.htm
http://www.vallejo.cc/proyectos/foxitreader2.htm
http://www.vupen.com/english/advisories/2008/1327/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41972
https://exchange.xforce.ibmcloud.com/vulnerabilities/41973

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-04-24T19:00:00

Updated: 2024-08-07T08:41:00.180Z

Reserved: 2008-04-24T00:00:00

Link: CVE-2008-1942

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-04-25T06:05:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-1942

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-04-23T00:00:00", "descriptions": [{"lang": "en", "value": "Foxit Reader 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with (1) a malformed ExtGState resource containing a /Font resource, or (2) an XObject resource with a Rotate setting, which triggers memory corruption. NOTE: this is probably a different vulnerability than CVE-2007-2186."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "29934", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29934"}, {"name": "foxitreader-extgstate-code-execution(41973)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41973"}, {"name": "foxitreader-pdf-xobject-code-execution(41972)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41972"}, {"name": "ADV-2008-1327", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1327/references"}, {"name": "28890", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28890"}, {"tags": ["x_refsource_MISC"], "url": "http://www.vallejo.cc/proyectos/foxitreader2.htm"}, {"tags": ["x_refsource_MISC"], "url": "http://www.vallejo.cc/proyectos/foxitreader1.htm"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1942", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Foxit Reader 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with (1) a malformed ExtGState resource containing a /Font resource, or (2) an XObject resource with a Rotate setting, which triggers memory corruption. NOTE: this is probably a different vulnerability than CVE-2007-2186."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "29934", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29934"}, {"name": "foxitreader-extgstate-code-execution(41973)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41973"}, {"name": "foxitreader-pdf-xobject-code-execution(41972)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41972"}, {"name": "ADV-2008-1327", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1327/references"}, {"name": "28890", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28890"}, {"name": "http://www.vallejo.cc/proyectos/foxitreader2.htm", "refsource": "MISC", "url": "http://www.vallejo.cc/proyectos/foxitreader2.htm"}, {"name": "http://www.vallejo.cc/proyectos/foxitreader1.htm", "refsource": "MISC", "url": "http://www.vallejo.cc/proyectos/foxitreader1.htm"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:41:00.180Z"}, "title": "CVE Program Container", "references": [{"name": "29934", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29934"}, {"name": "foxitreader-extgstate-code-execution(41973)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41973"}, {"name": "foxitreader-pdf-xobject-code-execution(41972)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41972"}, {"name": "ADV-2008-1327", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1327/references"}, {"name": "28890", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28890"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.vallejo.cc/proyectos/foxitreader2.htm"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.vallejo.cc/proyectos/foxitreader1.htm"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1942", "datePublished": "2008-04-24T19:00:00", "dateReserved": "2008-04-24T00:00:00", "dateUpdated": "2024-08-07T08:41:00.180Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:foxit_software:reader:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9A6E2B5C-81D4-4E34-8634-7A50DA93A822", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Foxit Reader 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with (1) a malformed ExtGState resource containing a /Font resource, or (2) an XObject resource with a Rotate setting, which triggers memory corruption. NOTE: this is probably a different vulnerability than CVE-2007-2186."}, {"lang": "es", "value": "El Foxit Reader 2.2 permite a los atacantes remotos causar una denegaci\u00f3n de servicio (caida) y posiblemente la ejecuci\u00f3n de c\u00f3digo arbitrario mediante un fichero PDF con (1) un recurso ExtGState mal construido conteniendo un recurso /Font o (2) un recurso XObject con configuraci\u00f3n Rotate, con iniciadores de corrupci\u00f3n de memoria. NOTA: esta es, probablemente, una vulnerabilidad distinta a CVE-2007-2186\r\n"}], "id": "CVE-2008-1942", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-04-25T06:05:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29934"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28890"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.vallejo.cc/proyectos/foxitreader1.htm"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.vallejo.cc/proyectos/foxitreader2.htm"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1327/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41972"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41973"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29934"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28890"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.vallejo.cc/proyectos/foxitreader1.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.vallejo.cc/proyectos/foxitreader2.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1327/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41972"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41973"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}