CVE-2020-26535

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation and read access violation...

CVE-2020-26534

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution...

CVE-2020-26536

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer dereference via a crafted PDF document...

CVE-2020-26535

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation and read access violation...

CVE-2020-26540

An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection or an information leak can occur...

CVE-2020-26539

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V in the Additional Action and Field dictionaries, a use-after-free can occur with resultant remote code execution or an information leak...

CVE-2020-26538

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory...

Design/Logic Flaw

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution...

Out-of-bounds

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write...

Directory traversal

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory...

Null pointer dereference

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer dereference via a crafted PDF document...

Design/Logic Flaw

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V in the Additional Action and Field dictionaries, a use-after-free can occur with resultant remote code execution or an information leak...

Code injection

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation and read access violation...

CVE-2020-26534

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution...

CVE-2020-26534

CVE-2020-26534 affects Foxit Reader and PhantomPDF (pre-10.1). The issue is a use-after-free in an Opt object related to Field::ClearItems and Field::DeleteOptions during AcroForm JavaScript execution. Connected sources describe a resource management/use-after-free vulnerability that could crash ...

CVE-2020-26535

Foxit Reader and PhantomPDF (pre-10.1) contain CVE-2020-26535. The issue arises when TslAlloc tries to allocate thread-local storage and receives an unacceptable index, causing V8 to throw an exception that leads to write and read access violations. Affected products are Foxit Reader and PhantomP...

CVE-2020-26535

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation and read access violation...

CVE-2020-26536

Foxit Reader and PhantomPDF prior to 10.1 are affected by CVE-2020-26536 due to a NULL pointer dereference triggered by a crafted PDF document. The publicly documented impact is a crash (availability impact), with CVSS indicating a LOCAL exploit requiring user interaction (per NVIDIA/3.1 metrics)...

CVE-2020-26536

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer dereference via a crafted PDF document...

CVE-2020-26537

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write...