Foxit Reader and PhantomPDF Memory Misreference Vulnerability (CNVD-2018-08295)

Foxit Reader is a Chinese Foxit Foxit software company of a PDF document reader.PhantomPDF is a commercial version. A memory misreference vulnerability exists in Foxit Reader versions prior to 9.1 and PhantomPDF versions prior to 9.1. A remote attacker can exploit this vulnerability to execute...

Foxit PhantomPDF Multiple Vulnerabilities (Apr 2018) - Windows

Foxit PhantomPDF is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:foxitsoftware:phantompdf";...

Heap overflow

In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to...

CVE-2017-17557

In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to...

CVE-2017-17557

In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to...

CVE-2017-17557

In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to...

CVE-2017-17557

CVE-2017-17557: Foxit Reader < 9.1 and Foxit PhantomPDF

Foxit Reader and PhantomPDF Memory Misreference Vulnerability (CNVD-2018-08293)

Foxit Reader is a Chinese Foxit Foxit software company of a PDF document reader.PhantomPDF is a commercial version. A memory misreference vulnerability exists in Foxit Reader versions prior to 9.1 and PhantomPDF versions prior to 9.1. A remote attacker can exploit this vulnerability to execute...

Design/Logic Flaw

A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3...

CVE-2018-10303

A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3...

CVE-2018-10303

A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3...

CVE-2018-10303

Foxit Reader and Foxit PhantomPDF before 9.1 are affected by a use-after-free vulnerability in Foxit’s PDF software that can allow remote code execution. The CVE-2018-10303 description ties to iDefense ID V-y0nqfutlf3. The connected documents do not provide exploitation details or a confirmed pat...

CVE-2018-10302

A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-jyb51g3mv9...

Design/Logic Flaw

A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-jyb51g3mv9...

CVE-2018-10302

A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-jyb51g3mv9...

CVE-2018-10302

A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-jyb51g3mv9...

CVE-2018-10302

CVE-2018-10302 describes a use-after-free vulnerability in Foxit Reader before 9.1 and PhantomPDF before 9.1 that can allow remote attackers to execute arbitrary code. The issue is cited as the iDefense ID V-jyb51g3mv9. Connected sources confirm the affected products (Foxit Reader/PhantomPDF) and...

KLA11237 Multiple vulnerabilities in Foxit Reader and Foxit PhantomPDF

Multiple serious vulnerabilities have been found in Foxit Reader and Foxit PhantomPDF. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service and execute arbitrary code. Below is a complete list of vulnerabilities: 1. An unsafe DLL loading...

SRC-2018-0020 : Foxit Reader Signature Field lineWidth Use-After-Free Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists whe...

SRC-2018-0019 : Foxit Reader field event userName Setter Use-After-Free Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists whe...