CVE-2018-3853

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused resulting in arbitrary code execution. An attacker needs to trick the us...

CVE-2018-3853

CVE-2018-3853 is an exploitable use-after-free in Foxit PDF Reader’s JavaScript engine (version 9.0.1.1049). A specially crafted PDF can trigger reuse of a previously freed object, enabling arbitrary code execution. An attacker must entice the user to open the malicious PDF to trigger the flaw; i...

PT-2018-16247 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 9.0.1.1049 Description: A use-after-free issue in the JavaScript engine of Foxit PDF Reader can be exploited by opening a specially crafted PDF document, potentially leading to arbitrary code execution. An attacker mu...

Foxit PDF Reader AssociatedFile Annotation Type Confusion(CVE-2018-3843)

Summary An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory...

Foxit PDF Reader JavaScript setPersistent Remote Code Execution Vulnerability(CVE-2018-3842)

Summary An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code...

Foxit PDF Reader JavaScript createTemplate Remote Code Execution Vulnerability(CVE-2018-3853)

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused resulting in arbitrary code execution. An attacker needs to tric...

Foxit PDF Reader Javascript Search Query Remote Code Execution Vulnerability(CVE-2017-14458)

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

Vulnerability Spotlight: Multiple Adobe Acrobat Reader DC Vulnerabilities

Discovered by Aleksandar Nikolic of Cisco Talos Update 05/15/18: The CVE for TALOS-2018-0517 has been corrected below. Overview Today, Talos is releasing details of a new vulnerabilities within Adobe Acrobat Reader DC. Adobe Acrobat Reader is the most popular and most feature-rich PDF reader. It...

xpdf 'DCTStream::readHuffSym' function denial of service vulnerability

Xpdf is an open source PDF reader developed by Foo Labs , it supports decoding LZW compressed format files and read encrypted PDF files.DCT decoder is one of the DCT decoder . Xpdf 4.00 before the version of the DCT decoder in the Stream.cc file 'DCTStream::readHuffSym' function has a security...

CVE-2018-3850

An exploitable use-after-free vulnerability exists in the JavaScript engine Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user...

CVE-2017-14458

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick th...

Design/Logic Flaw

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick th...

Design/Logic Flaw

An exploitable use-after-free vulnerability exists in the JavaScript engine Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user...

CVE-2017-14458

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick th...

CVE-2017-14458

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick th...

CVE-2018-3850

An exploitable use-after-free vulnerability exists in the JavaScript engine Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user...

CVE-2017-14458

CVE-2017-14458 affects Foxit PDF Reader/Engine, notably Foxit PDF Reader 8.3.2.25013. The vulnerability is a use-after-free in the JavaScript engine that can be triggered by a crafted PDF, causing the previously freed object to be reused and allowing arbitrary code execution. Exploitation require...

CVE-2018-3850

CVE-2018-3850 is a use-after-free vulnerability in Foxit Software’s Foxit PDF Reader JavaScript engine (v9.0.1.1049) that can be triggered by opening a specially crafted PDF. The issue reuses a previously freed memory object, allowing arbitrary code execution. Attack requires user interaction (op...

Foxit PDF Reader JavaScript Engine Memory Misreference Vulnerability

Foxit PDF Reader is China's Foxit Foxit Software Corporation of a PDF document reader. JavaScript engine is one of the JavaScript scripting engine. A memory misreference vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. An attacker can exploit this vulnerabilit...

CVE-2018-3843

An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory disclosure, an...