How severe is CVE-2019-13318?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2019-13318?

This is classified as CWE-134, which is a common weakness in software security.

CVE-2019-13318 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the util.printf Javascript method. The application processes the %p parameter in the format string, allowing heap addresses to be returned to the script. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8544.

Related Vulnerabilities

CVE-2017-17132

MEDIUM

CVSS:5.5(Medium)

Huawei VP9660 V500R002C10 has a uncontrolled format string vulnerability when the license module output the log information. An authenticated local attacker could exploit this vulnerability to cause a...

CWE-1342017

CVE-2018-15749

MEDIUM

CVSS:5.5(Medium)

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability.

CWE-1342018

CVE-2024-55156

MEDIUM

CVSS:5.5(Medium)

An XML External Entity (XXE) vulnerability in the deserializeArgs() method of Java SDK for CloudEvents v4.0.1 allows attackers to access sensitive information via supplying a crafted XML-formatted eve...

CWE-1342024

CVE-2015-2894

MEDIUM

CVSS:5.3(Medium)

Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifie...

CWE-1342015

CVE-2021-37735

MEDIUM

CVSS:5.3(Medium)

A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0....

CWE-1342021

CVE-2024-23914

MEDIUM

CVSS:5.7(Medium)

Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows. When MC_Open_Association() function is used to open DICOM Association and gets DICOM Application Conte...

CWE-1342024