Security Vulnerabilities Fixed in Foxit Reader 3.0 and JPEG2000/JBIG2 Decoder

Fremont, Calif. – June 19, 2009 – Today, Foxit is proud to announce the updated version of Foxit Reader V3.0 Build 1817 and the latest version of JPEG2000/JBIG Decoder 2.0 Build 2009.616, which is one of the critical add-ons of Foxit Reader. Foxit has fixed two security vulnerabilities in these two latest versions. For Foxit Reader users who have downloaded and used the JPEG2000/JBIG2 Decoder, please go to “Check for Updates Now” located in the Reader help menu to update your current add-on to the latest version 2.0 Build 2009.616 or click here to download the latest version Foxit Reader.

These vulnerabilities are considered mild security threats, and it’s very unlikely there will be an attack exploiting them. However, Foxit still took these issues very seriously and our Technical Team resolved the relevant security issues efficiently within a couple days. For concerned users, please download the latest Foxit Reader as well as latest JPEG2000/JBIG2 decoder.

Here is detailed information about the vulnerabilities:

  • Fixed a problem related to negative stream offset (in malicious JPEG2000 stream) which caused reading data from an out-of-bound address. We have added guard codes to solve this issue.
  • Fixed a problem related to error handling when decoding JPEG2000 header, an uncaught fatal error resulted a subsequent invalid address access. We added error handling code to terminate the decoding process.

For more information about the fixed security vulnerability, please visit Foxit security bulletins.

Download

Click here to download the latest Foxit Reader now!
Click here to download the latest JPEG2000/JBIG2 Decoder add-on!

About Foxit Corporation

Founded in 2001, Foxit Corporation has been working on the electronic publishing and documenting field focusing on the implementation of PDF Core technology. Today, Foxit has become an industrial leader by offering its platform independent core technology capable of supporting PDF and other standard e-documenting formats. Foxit's product line covers multiple types of PDF applications across various mobile platforms and desktop platforms. Foxit is also a pioneer in offering OnDemand CM, a service-based content management system, built on a patent pending technology. In addition to Foxit's online paperless document services, Foxit maintains its efforts to stay green with the development of its new eBook reader, "eSlick," a device that eliminates the need for textbooks and any other documents that would normally be printed onto paper. For Foxit, pursuing environmental excellence has always been the top priority. For more information, please visit www.foxit.com.