How severe is CVE-2019-13334?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2019-13334?

This is classified as CWE-822, which is a common weakness in software security.

CVE-2019-13334 - HIGH Severity | CVSS 7.8

Vulnerability Description

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8774.

Related Vulnerabilities

CVE-2018-19029

HIGH

CVSS:7.8(High)

LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using a specially crafted project file to supply a pointer for a controlled memory address, which may allow remote code execution, data...

CWE-8222018

CVE-2018-7502

HIGH

CVSS:7.8(High)

Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target...

CWE-8222018

CVE-2020-26997

HIGH

CVSS:7.8(High)

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications...

CWE-8222020

CVE-2020-27003

HIGH

CVSS:7.8(High)

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when pa...

CWE-8222020

CVE-2020-27277

HIGH

CVSS:7.8(High)

Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code.

CWE-8222020

CVE-2020-27288

HIGH

CVSS:7.8(High)

An untrusted pointer dereference has been identified in the way TPEditor(v1.98 and prior) processes project files, allowing an attacker to craft a special project file that may permit arbitrary code e...

CWE-8222020