cnvd - cnvd-2025-12409

cnvd-2025-12409

Vulnerability from cnvd

Title

Foxit PDF Reader内存破坏漏洞

Description

Foxit PDF Reader是一款用于阅读和处理PDF文档的软件。 Foxit PDF Reader中存在内存破坏漏洞。该漏洞源于原生库在尝试PDF渲染时发生越界写入，导致内存损坏。攻击者可以利用该漏洞实现内存损坏，并可能导致任意代码执行。

Severity

高

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.foxit.com

Reference

https://korelogic.com/Resources/Advisories/KL-001-2025-004.txt

Impacted products

Name
Foxit Foxit PDF Reader <=24.003.20054

Show details on source website

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-5099",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-5099"
    }
  },
  "description": "Foxit PDF Reader\u662f\u4e00\u6b3e\u7528\u4e8e\u9605\u8bfb\u548c\u5904\u7406PDF\u6587\u6863\u7684\u8f6f\u4ef6\u3002\n\nFoxit PDF Reader\u4e2d\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u539f\u751f\u5e93\u5728\u5c1d\u8bd5PDF\u6e32\u67d3\u65f6\u53d1\u751f\u8d8a\u754c\u5199\u5165\uff0c\u5bfc\u81f4\u5185\u5b58\u635f\u574f\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u73b0\u5185\u5b58\u635f\u574f\uff0c\u5e76\u53ef\u80fd\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.foxit.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-12409",
  "openTime": "2025-06-13",
  "products": {
    "product": "Foxit Foxit PDF Reader \u003c=24.003.20054"
  },
  "referenceLink": "https://korelogic.com/Resources/Advisories/KL-001-2025-004.txt",
  "serverity": "\u9ad8",
  "submitTime": "2025-05-30",
  "title": "Foxit PDF Reader\u5185\u5b58\u7834\u574f\u6f0f\u6d1e"
}

CVE-2025-5099 (GCVE-0-2025-5099)

Vulnerability from cvelistv5

Published

2025-05-23 01:05

Modified

2025-05-23 15:40

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-787 - Out-of-bounds Write

Summary

An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary code execution.

References

URL

Tags

https://korelogic.com/Resources/Advisories/KL-001-2025-004.txt

third-party-advisory

Impacted products

	Vendor	Product	Version
	Mobile Dynamix	PrinterShare Mobile Print	Version: 12.15.01

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-5099",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-23T15:40:23.497578Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-23T15:40:38.399Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://korelogic.com/Resources/Advisories/KL-001-2025-004.txt"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Android"
          ],
          "product": "PrinterShare Mobile Print",
          "vendor": "Mobile Dynamix",
          "versions": [
            {
              "status": "affected",
              "version": "12.15.01"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This vulnerability was discovered by Felix Segoviano of KoreLogic, Inc."
        }
      ],
      "datePublic": "2025-05-22T23:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cpre\u003eAn Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary code execution.\u003c/pre\u003e\u003cbr\u003e"
            }
          ],
          "value": "An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-23T01:05:53.182Z",
        "orgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9",
        "shortName": "KoreLogic"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://korelogic.com/Resources/Advisories/KL-001-2025-004.txt"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "KL-001-2025-004: Mobile Dynamix PrinterShare Mobile Print Out-of-bounds Write",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9",
    "assignerShortName": "KoreLogic",
    "cveId": "CVE-2025-5099",
    "datePublished": "2025-05-23T01:05:53.182Z",
    "dateReserved": "2025-05-22T20:52:26.387Z",
    "dateUpdated": "2025-05-23T15:40:38.399Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.