CVE-2019-17135: 
Foxit PDF Reader vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2019-17135) was discovered in Foxit PhantomPDF version 9.5.0.20723. The vulnerability specifically affects the Dwg2Pdf plugin and involves the parsing of DXF files. This security flaw was reported on May 29, 2019, and publicly disclosed on October 4, 2019 (ZDI Advisory).

The vulnerability exists within the parsing of DXF files in the Dwg2Pdf plugin of Foxit PhantomPDF. The specific issue stems from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. The vulnerability has been assigned a CVSS score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating a high severity level (ZDI Advisory).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The high CVSS score indicates potential severe impacts on system confidentiality, integrity, and availability (ZDI Advisory).

The Dwg2Pdf plugin has been marked as End of Life and was removed from Foxit Reader version 9.7 and higher, effectively mitigating this vulnerability in newer versions (ZDI Advisory).