CVE-2019-13333: 
Foxit PDF Reader vulnerability analysis and mitigation

This vulnerability (CVE-2019-13333) affects Foxit PhantomPDF version 9.5.0.20723. The vulnerability was discovered in May 2019 and publicly disclosed on October 4th, 2019. It allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF through the conversion of DXF files to PDF (ZDI Advisory).

The vulnerability exists within the conversion of DXF files to PDF functionality. The specific flaw stems from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

A successful exploitation of this vulnerability allows attackers to execute arbitrary code in the context of the current process. This could potentially lead to complete system compromise if the application is running with elevated privileges (ZDI Advisory).

The plugin Dwg2Pdf, which contains this vulnerability, has reached End of Life and will not be included in Foxit Reader version 9.7 and higher. Users should upgrade to newer versions that do not include the vulnerable plugin (ZDI Advisory).