The Foxit JPEG2000/JBIG2 Decoder add-on prior to 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a negative value for the stream offset in a JPEG2000 (aka JPX) stream, which allows remote malicious users to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an out-of-bounds read.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
foxitsoftware foxit_reader 3.0 |
||
foxitsoftware foxit_reader 3.0.2009.1301 |
||
foxitsoftware jpeg2000\\/jbig2_decoder_add-on 2.0.2009.303 |