Vulnerability Spotlight: Foxit PDF Reader JBIG2 Parser Information Disclosure
Vulnerability discovered by Aleksandar Nikolic of Talos.
Talos has identified an information disclosure vulnerability in Foxit PDF Reader (TALOS-2016-0201/CVE-2016-8334). A wrongly bounded call to `memcpy`, while parsing jbig2 segments within a PDF file, can be triggered in Foxit PDF Reader causing an out-of-bounds heap memory to be read into a buffer. The `memcpy` call is properly sized, but the source is smaller than the size argument, causing the adjacent memory to be copied into a buffer, where heap metadata, addresses and pointers can be copied and later reused, disclosing memory layout. Combined with another vulnerability, this information disclosure can be used to leak heap memory layout and bypass ASLR. Phishing campaigns commonly use PDF files, as malicious attachments or linked downloads, to deliver malware.