{"api_version":"1","generated_at":"2026-07-08T20:57:11+00:00","cve":"CVE-2016-8334","urls":{"html":"https://cve.report/CVE-2016-8334","api":"https://cve.report/api/cve/CVE-2016-8334.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-8334","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-8334"},"summary":{"title":"CVE-2016-8334","description":"A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR.","state":"PUBLISHED","assigner":"talos","published_at":"2017-01-06 21:59:01","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-125","out-of-bounds read"],"metrics":[{"version":"3.0","source":"nvd@nist.gov","type":"Primary","score":"3.3","severity":"LOW","vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.0","source":"talos-cna@cisco.com","type":"Secondary","score":"6.8","severity":"MEDIUM","vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"}},{"version":"3.0","source":"CNA","type":"DECLARED","score":"6.8","severity":"MEDIUM","vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H","version":"3.0"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.securityfocus.com/bid/93799","name":"http://www.securityfocus.com/bid/93799","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Foxit Reader CVE-2016-8334 Out of Bounds Read Local Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0201/","name":"http://www.talosintelligence.com/reports/TALOS-2016-0201/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"],"title":"Cisco Talos - Talos 2016 0201","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-8334","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8334","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Foxit Software","product":"Foxit Reader","version":"affected 8.0.2.805","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"8334","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"foxitsoftware","cpe5":"reader","cpe6":"8.0.2.805","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2016","cve_id":"8334","cve":"CVE-2016-8334","epss":"0.134610000","percentile":"0.942610000","score_date":"2026-05-11","updated_at":"2026-05-12 00:01:18"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T02:20:30.475Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"93799","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/93799"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.talosintelligence.com/reports/TALOS-2016-0201/"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"Foxit Reader","vendor":"Foxit Software","versions":[{"status":"affected","version":"8.0.2.805"}]}],"datePublic":"2016-10-18T00:00:00.000Z","descriptions":[{"lang":"en","value":"A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR."}],"metrics":[{"cvssV3_0":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H","version":"3.0"}}],"problemTypes":[{"descriptions":[{"description":"out-of-bounds read","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2022-04-19T19:16:22.000Z","orgId":"b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b","shortName":"talos"},"references":[{"name":"93799","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/93799"},{"tags":["x_refsource_MISC"],"url":"http://www.talosintelligence.com/reports/TALOS-2016-0201/"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"talos-cna@cisco.com","ID":"CVE-2016-8334","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Foxit Reader","version":{"version_data":[{"version_value":"8.0.2.805"}]}}]},"vendor_name":"Foxit Software"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR."}]},"impact":{"cvss":{"baseScore":6.8,"baseSeverity":"Medium","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"out-of-bounds read"}]}]},"references":{"reference_data":[{"name":"93799","refsource":"BID","url":"http://www.securityfocus.com/bid/93799"},{"name":"http://www.talosintelligence.com/reports/TALOS-2016-0201/","refsource":"MISC","url":"http://www.talosintelligence.com/reports/TALOS-2016-0201/"}]}}}},"cveMetadata":{"assignerOrgId":"b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b","assignerShortName":"talos","cveId":"CVE-2016-8334","datePublished":"2017-01-06T21:00:00.000Z","dateReserved":"2016-09-28T00:00:00.000Z","dateUpdated":"2024-08-06T02:20:30.475Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2017-01-06 21:59:01","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-125","out-of-bounds read"],"metrics":{"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:foxitsoftware:reader:8.0.2.805:*:*:*:*:*:*:*","matchCriteriaId":"5779531D-0838-4C97-AF00-942613859ED2"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"8334","Ordinal":"1","Title":"CVE-2016-8334","CVE":"CVE-2016-8334","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"8334","Ordinal":"1","NoteData":"A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR.","Type":"Description","Title":"CVE-2016-8334"},{"CveYear":"2016","CveId":"8334","Ordinal":"2","NoteData":"2017-01-06","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"8334","Ordinal":"3","NoteData":"2017-01-09","Type":"Other","Title":"Modified"}]}}}