CVE-2016-8334
Summary
| CVE | CVE-2016-8334 |
|---|---|
| State | PUBLISHED |
| Assigner | talos |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-01-06 21:59:01 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR. |
Risk And Classification
Primary CVSS: v3.0 3.3 LOW from [email protected]
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS: 0.134610000 probability, percentile 0.942610000 (date 2026-05-11)
Problem Types: CWE-125 | out-of-bounds read
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 3.3 | LOW | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
| 3.0 | [email protected] | Secondary | 6.8 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H |
| 3.0 | CNA | DECLARED | 6.8 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H |
| 2.0 | [email protected] | Primary | 4.3 | AV:N/AC:M/Au:N/C:P/I:N/A:N |
CVSS v3.0 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
NoneUser Interaction
RequiredScope
UnchangedConfidentiality
LowIntegrity
NoneAvailability
NoneCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
PartialIntegrity
NoneAvailability
NoneAV:N/AC:M/Au:N/C:P/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Foxitsoftware | Reader | 8.0.2.805 | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Foxit Software | Foxit Reader | affected 8.0.2.805 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Foxit Reader CVE-2016-8334 Out of Bounds Read Local Information Disclosure Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Cisco Talos - Talos 2016 0201 | af854a3a-2127-422b-91ae-364da2661108 | www.talosintelligence.com | Technical Description, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.