What is CVE-2015-8580?

CVE-2015-8580 is a vulnerability in Foxitsoftware Foxit_reader. Published 2015-12-16.

Is CVE-2015-8580 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Foxitsoftware Foxit_reader

CVE-2015-8580

Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary code via a crafted PDF document.

EPSS: 0.007 (71.9th percentile) — read the EPSS interpretation.

Affected products

Foxitsoftware Foxit_reader
Foxitsoftware Phantompdf
N/a — versions n/a

Public proof-of-concept exploits

0xCyberY/CVE-T4PDF
ARPSyndicate/cvemon

References

cve@mitre.org (VDB Entry, Third Party Advisory, x_refsource_MISC)
cve@mitre.org (VDB Entry, Third Party Advisory, x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2015-8580?: CVE-2015-8580 is a vulnerability in Foxitsoftware Foxit_reader. Published 2015-12-16.
Is CVE-2015-8580 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.