CVE-2021-38568

CVE-2021-38568 affects Foxit Reader and Foxit PhantomPDF prior to 10.1.4. The issue is memory corruption during the conversion of a PDF document to another format. Public sources consistently describe the vulnerability but do not provide explicit exploitation details or fixes beyond noting the af...

CVE-2021-38569

Foxit Reader and Foxit PhantomPDF are affected by a vulnerability fixed in 10.1.4 or later. The issue allows stack consumption via recursive function calls during handling of XFA forms or linked objects, which could lead to a denial of service. Affected products are Foxit Reader and Foxit Phantom...

CVE-2021-38569

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects...

CVE-2021-38570

CVE-2021-38570 affects Foxit Reader and Foxit PhantomPDF versions prior to 10.1.4. The issue allows an attacker to delete arbitrary files during uninstallation by abusing a symlink, enabling file deletion on the user’s system. Exploitation details are not provided in the supplied documents. The v...

CVE-2021-38570

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files during uninstallation via a symlink...

CVE-2021-38571

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows DLL hijacking, aka CNVD-C-2021-68000 and CNVD-C-2021-68502...

CVE-2021-38571

CVE-2021-38571 affects Foxit Reader and Foxit PhantomPDF prior to 10.1.4, where a DLL hijacking issue allows an attacker-controlled DLL to be loaded locally. The root cause is a registration and loading path flaw that enables hijacking of the Dynamic Link Library, potentially impacting confidenti...

CVE-2021-38572

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because the extractPages pathname is not validated...

CVE-2021-38572

CVE-2021-38572 affects Foxit Reader and Foxit PhantomPDF prior to 10.1.4, where the extractPages pathname is not validated, allowing an attacker to write to arbitrary files. The connected documents confirm the affected products and the root cause (unvalidated extractPages pathname). No exploitati...

CVE-2021-38573

Foxit Reader and Foxit PhantomPDF are affected by CVE-2021-38573. The vulnerability arises from not validating the CombineFiles pathname, enabling arbitrary file writes via this component/file handling; affected product versions are prior to 10.1.4. The issue is described across multiple sources ...

CVE-2021-38573

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because a CombineFiles pathname is not validated...

CVE-2021-38574

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows SQL Injection via crafted data at the end of a string...

CVE-2021-38574

CVE-2021-38574 affects Foxit Reader and Foxit PhantomPDF prior to 10.1.4. The issue is a SQL injection vulnerability triggered by crafted data at the end of a string in database-related processing. Affected components/locations are not further specified in the provided material. Impact is describ...

CVE-2021-33793

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion...

CVE-2021-33794

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction...

CVE-2021-33793

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion...

CVE-2021-33794

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction...

Out-of-bounds

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion...

Information disclosure

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction...

CVE-2021-33793

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion...