Wed, Jun 24 2009 4:53 Don

Two Security Vulnerabilities Fixed in Foxit Reader 3.0 and JPEG2000/JBIG2 Decoder

SUMMARY

Here is detailed information about the vulnerabilities:

  1. Fixed a problem related to a negative stream offset (in a malicious JPEG2000 stream) which caused data to be read from an out-of-bounds address. We have added guard code to solve this issue.
  2. Fixed a problem related to error handling when decoding the JPEG2000 header: an uncaught fatal error resulted in a subsequent invalid address access. We added error handling code to terminate the decoding process.

http://www.foxitsoftware.com/pdf/reader/security.htm#0602
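
Both fixes are of a general kind that can be shown in a few lines of C. The sketch below is an added illustration, not Foxit's code: `stream_t`, `read_at`, `decode_header`, `decode` and the `data_off` parameter are hypothetical names, and the byte arrays are constructed samples that use the JPEG2000 codestream's SOC (0xFF4F) and SIZ (0xFF51) markers.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
enum { DEC_OK = 0, DEC_ERR_RANGE = -1, DEC_ERR_HEADER = -2 };
/* Hypothetical in-memory stream; not a structure from Foxit's decoder. */
typedef struct { const uint8_t *buf; size_t len; } stream_t;

/* Constructed samples: SOC, SIZ, 2-byte segment length, then payload bytes. */
const uint8_t SAMPLE_OK[] = {0xFF,0x4F, 0xFF,0x51, 0x00,0x04, 0xAA,0xBB, 1,2,3,4};
const uint8_t SAMPLE_BAD_LEN[] = {0xFF,0x4F, 0xFF,0x51, 0xFF,0xFF, 1,2};

/* Guard: copy n bytes at a signed, file-controlled offset only if the whole
   range [off, off+n) lies inside the buffer. Ordered to avoid overflow. */
static int read_at(const stream_t *s, int64_t off, size_t n, uint8_t *out) {
    if (off < 0 || (uint64_t)off > s->len) return DEC_ERR_RANGE;
    if (n > s->len - (size_t)off) return DEC_ERR_RANGE;
    memcpy(out, s->buf + off, n);
    return DEC_OK;
}

static int read_u16(const stream_t *s, int64_t off, uint16_t *v) {
    uint8_t b[2];
    int rc = read_at(s, off, 2, b);
    if (rc == DEC_OK) *v = (uint16_t)((b[0] << 8) | b[1]);
    return rc;
}

/* Require SOC then SIZ, and a SIZ segment length that fits in the buffer.
   On success *next is the offset of the first byte after the SIZ segment. */
static int decode_header(const stream_t *s, int64_t *next) {
    uint16_t soc, siz, lsiz;
    if (read_u16(s, 0, &soc) || soc != 0xFF4F) return DEC_ERR_HEADER;
    if (read_u16(s, 2, &siz) || siz != 0xFF51) return DEC_ERR_HEADER;
    if (read_u16(s, 4, &lsiz) || lsiz < 2) return DEC_ERR_HEADER;
    if ((size_t)lsiz > s->len - 4) return DEC_ERR_HEADER;
    *next = 4 + (int64_t)lsiz;
    return DEC_OK;
}

/* data_off stands in for a signed offset field taken from the file. */
int decode(const uint8_t *buf, size_t len, int32_t data_off, uint8_t out[4]) {
    stream_t s = { buf, len };
    int64_t body;
    int rc = decode_header(&s, &body);
    if (rc != DEC_OK) return rc;   /* terminate: no data access after a bad header */
    return read_at(&s, body + data_off, 4, out);
}
int main(void) { uint8_t o[4]; return decode(SAMPLE_OK, sizeof SAMPLE_OK, 0, o); }
```
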
