How severe is CVE-2018-3843?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2018-3843?

This is classified as CWE-704, which is a common weakness in software security.

CVE-2018-3843

MEDIUM Year: 2018

CVSS v3 Score

6.5

Medium

CVSS v2 Score

6.8

Medium

Weakness Type

CWE-704

View all →

Vulnerability Description

An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory disclosure, and possibly to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

CVE-2018-12793

MEDIUM

CVSS:6.5(Medium)

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbi...

CWE-7042018

CVE-2025-20072

MEDIUM

CVSS:6.5(Medium)

Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the mobile via crafted mali...

CWE-7042025

CVE-2025-21088

MEDIUM

CVSS:6.5(Medium)

Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which a...

CWE-7042025

CVE-2022-21786

MEDIUM

CVSS:6.7(Medium)

In audio DSP, there is a possible memory corruption due to improper casting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed fo...

CWE-7042022

CVE-2019-12693

MEDIUM

CVSS:6.8(Medium)

A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vul...

CWE-7042019

CVE-2017-0607

HIGH

CVSS:7.0(High)

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High ...

CWE-7042017

CVE-2018-3843

Vulnerability Description

Related Vulnerabilities

CVE-2018-12793

CVE-2025-20072

CVE-2025-21088

CVE-2022-21786

CVE-2019-12693

CVE-2017-0607