Foxit Reader and Foxit PhantomPDF JavaScript Engine Memory Misreference Vulnerability (CNVD-2018-20725)

Foxit Reader is China Foxit Foxit software company a PDF document reader.Foxit PhantomPDF is a commercial version.JavaScript engine is one of the JavaScript scripting engine. A memory misreference vulnerability exists in the JavaScript engine in Foxit Reader 9.2.0.9297 and earlier versions and...

Foxit Reader and Foxit PhantomPDF JavaScript Engine Memory Misreference Vulnerability (CNVD-2018-20724)

Foxit Reader is China Foxit Foxit software company a PDF document reader.Foxit PhantomPDF is a commercial version.JavaScript engine is one of the JavaScript scripting engine. A memory misreference vulnerability exists in the JavaScript engine in Foxit Reader 9.2.0.9297 and earlier versions and...

Foxit Reader and Foxit PhantomPDF JavaScript Engine Memory Misreference Vulnerability (CNVD-2018-20722)

Foxit Reader is China Foxit Foxit software company a PDF document reader.Foxit PhantomPDF is a commercial version.JavaScript engine is one of the JavaScript scripting engine. A memory misreference vulnerability exists in the JavaScript engine in Foxit Reader 9.2.0.9297 and earlier versions and...

Foxit Reader and Foxit PhantomPDF JavaScript Engine Arbitrary Code Execution Vulnerability

Foxit Reader is China Foxit Foxit software company a PDF document reader.Foxit PhantomPDF is a commercial version.JavaScript engine is one of the JavaScript scripting engine. The JavaScript engine in Foxit Reader 9.2.0.9297 and earlier versions and Foxit PhantomPDF 9.2.0.9297 and earlier versions...

Foxit Reader and Foxit PhantomPDF JavaScript Engine Memory Misreference Vulnerability (CNVD-2018-20723)

Foxit Reader is China Foxit Foxit software company a PDF document reader.Foxit PhantomPDF is a commercial version.JavaScript engine is one of the JavaScript scripting engine. A memory misreference vulnerability exists in the JavaScript engine in Foxit Reader 9.2.0.9297 and earlier versions and...

Foxit PDF Reader JavaScript Engine Remote Code Execution Vulnerability (CNVD-2018-20706)

Foxit PDF Reader is China's Foxit Foxit Software Corporation of a PDF document reader. JavaScript engine is one of the JavaScript scripting engine. A remote code execution vulnerability exists in the JavaScript engine in Foxit PDF Reader. A remote attacker can exploit this vulnerability to execut...

CVE-2018-3996

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user...

CVE-2018-16291

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can...

CVE-2018-16292

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can...

Apache PDFBox parser denial of service vulnerability

Apache PDFBox is the United States Apache Apache Software Foundation of an open source, Java-based and provide the creation of new PDF documents, modify existing PDF documents and other features of the tool library. Apache PDFBox parser there is a denial-of-service vulnerability, attackers use...

PT-2018-16361 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 9.2.0.9297 Description: A use-after-free issue in the JavaScript engine of Foxit PDF Reader can be triggered by a specially crafted PDF document, potentially leading to arbitrary code execution. An attacker must trick...

UBUNTU-CVE-2018-18020

In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file...

PT-2018-16359 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 9.2.0.9297 Description: A use-after-free issue in the JavaScript engine of Foxit PDF Reader can be triggered by a specially crafted PDF document, leading to arbitrary code execution. This can occur when a user is...

CVE-2018-16510

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact...

CVE-2018-16510

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact...

CVE-2018-16510

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact...

PT-2018-3976 · Xpdf +2 · Xpdf +2

Name of the Vulnerable Software and Affected Versions: Xpdf version 4.00 Description: The issue is related to errors in the code of the Xpdf software, specifically in the XRef::fetch function in XRef.cc. It allows remote attackers to cause a denial of service, which is a stack consumption, via a...

Massive Malspam Campaign Finds a New Vector for FlawedAmmyy RAT

A widespread spam campaign from the well-known financial criminal group TA505 is spreading the FlawedAmmyy RAT using a brand-new vector: Weaponized PDFs containing malicious SettingContent-ms files. The SettingContent-ms file format was introduced in Windows 10; it allows a user to create...

I discovered a browser bug

I accidentally discovered a huge browser bug a few months ago and I'm pretty excited about it. Security engineers always seem like the "cool kids" to me, so I'm hoping that now I can be part of the club, and y'know, get into the special parties or whatever. I've noticed that a lot of these securi...

DEBIAN-CVE-2018-5158

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...