CVE-2011-1908 : Integer overflow in the Type 1 font decoder in the FreeType engine in Foxit Read

Integer overflow in the Type 1 font decoder in the FreeType engine in Foxit Reader before 4.0.0.0619 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font in a PDF document.

Published 2011-06-24 20:55:04

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute codeDenial of service

Products affected by CVE-2011-1908

Foxitsoftware » Foxit Reader
Versions up to, including, (<=) 4.0
cpe:2.3:a:foxitsoftware:foxit_reader:*:*:*:*:*:*:*:*
Matching versions
Foxitsoftware » Foxit Reader » Version: 2.2
cpe:2.3:a:foxitsoftware:foxit_reader:2.2:*:*:*:*:*:*:*
Matching versions
Foxitsoftware » Foxit Reader » Version: 2.0
cpe:2.3:a:foxitsoftware:foxit_reader:2.0:*:*:*:*:*:*:*
Matching versions
Foxitsoftware » Foxit Reader » Version: 2.3
cpe:2.3:a:foxitsoftware:foxit_reader:2.3:*:*:*:*:*:*:*
Matching versions
Foxitsoftware » Foxit Reader » Version: 3.0
cpe:2.3:a:foxitsoftware:foxit_reader:3.0:*:*:*:*:*:*:*
Matching versions
Foxitsoftware » Foxit Reader » Version: 3.3.1
cpe:2.3:a:foxitsoftware:foxit_reader:3.3.1:*:*:*:*:*:*:*
Matching versions
Foxitsoftware » Foxit Reader » Version: 3.1.1
cpe:2.3:a:foxitsoftware:foxit_reader:3.1.1:*:*:*:*:*:*:*
Matching versions
Foxitsoftware » Foxit Reader » Version: 3.1.3
cpe:2.3:a:foxitsoftware:foxit_reader:3.1.3:*:*:*:*:*:*:*
Matching versions
Foxitsoftware » Foxit Reader » Version: 3.1.4
cpe:2.3:a:foxitsoftware:foxit_reader:3.1.4:*:*:*:*:*:*:*
Matching versions
Foxitsoftware » Foxit Reader » Version: 3.2.1
cpe:2.3:a:foxitsoftware:foxit_reader:3.2.1:*:*:*:*:*:*:*
Matching versions
Foxitsoftware » Foxit Reader » Version: 3.2
cpe:2.3:a:foxitsoftware:foxit_reader:3.2:*:*:*:*:*:*:*
Matching versions
Foxitsoftware » Foxit Reader » Version: 3.1
cpe:2.3:a:foxitsoftware:foxit_reader:3.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2011-1908

EPSS FAQ

0.73%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 70 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-1908

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2011-1908

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-1908

http://www.microsoft.com/technet/security/advisory/msvr11-005.mspx

Technical documentation, API, and code examples | Microsoft Docs
Third Party Advisory
http://www.foxitsoftware.com/products/reader/security_bulletins.php#freetype

Free PDF Reader & PDF Viewer Download | Foxit Software
Patch;Vendor Advisory
http://www.securityfocus.com/bid/48359

Foxit Reader Freetype Engine Remote Integer Overflow Vulnerabiliy
Third Party Advisory;VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/68145

Foxit Reader Freetype engine integer overflow CVE-2011-1908 Vulnerability Report

Jump to

Vulnerability Details : CVE-2011-1908

Products affected by CVE-2011-1908

Exploit prediction scoring system (EPSS) score for CVE-2011-1908

CVSS scores for CVE-2011-1908

CWE ids for CVE-2011-1908

References for CVE-2011-1908