{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-10-31T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka \"Data from Faulting Address may be used as a return value starting at FOXITREADER.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "93608", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93608"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.foxitsoftware.com/support/security-bulletins.php"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-8878", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka \"Data from Faulting Address may be used as a return value starting at FOXITREADER.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "93608", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93608"}, {"name": "https://www.foxitsoftware.com/support/security-bulletins.php", "refsource": "CONFIRM", "url": "https://www.foxitsoftware.com/support/security-bulletins.php"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:35:02.196Z"}, "title": "CVE Program Container", "references": [{"name": "93608", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93608"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.foxitsoftware.com/support/security-bulletins.php"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-8878", "datePublished": "2016-10-31T10:00:00.000Z", "dateReserved": "2016-10-21T00:00:00.000Z", "dateUpdated": "2024-08-06T02:35:02.196Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:windows:*:*", "matchCriteriaId": "A3E2E5C8-6D6E-404F-87D0-B3F8DB72C9BE", "versionEndIncluding": "8.0.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxitsoftware:reader:*:*:*:*:*:windows:*:*", "matchCriteriaId": "67E21136-133D-46B7-B163-E648DF9B9F1B", "versionEndIncluding": "8.0.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka \"Data from Faulting Address may be used as a return value starting at FOXITREADER.\""}, {"lang": "es", "value": "Vulnerabilidad de lectura fuera de l\u00edmites en Foxit Reader y PhantomPDF en versiones anteriores a 8.1 en Windows, cuando se habilita la aplicaci\u00f3n gflags, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una imagen BMP manipulada incrustada en el flujo XFA en un documento PDF, vulnerabilidad tambi\u00e9n conocida como \"Data de Faulting Address puede ser usada como un valor de retorno a partir de FOXITREADER\"."}], "id": "CVE-2016-8878", "lastModified": "2026-05-06T22:30:45.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-31T10:59:14.007", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93608"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.foxitsoftware.com/support/security-bulletins.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93608"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.foxitsoftware.com/support/security-bulletins.php"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}