CVE-2020-26537
CVE-2020-26537 affects Foxit Reader and PhantomPDF prior to version 10.1. The issue occurs in a shading calculation where the number of outputs does not match the color components in a color space, causing an out-of-bounds write. The connected sources confirm the affected product and the underlyi...
CVE-2020-26538
CVE-2020-26538 affects Foxit Reader and PhantomPDF prior to 10.1. The issue allows arbitrary code execution via a Trojan horse taskkill.exe placed in the current working directory, indicating a local-execution path likely dependent on the processing of external/tampered files. The vulnerability ...
CVE-2020-26538
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory...
CVE-2020-26539
Foxit Reader and PhantomPDF (before v10.1) contain a use-after-free condition triggered by a multiple interpretation error for /V in the Additional Action and Field dictionaries, enabling remote code execution or an information leak. The issue is documented in CVE-2020-26539 with CVSS scores indi...
CVE-2020-26539
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V in the Additional Action and Field dictionaries, a use-after-free can occur with resultant remote code execution or an information leak...
CVE-2020-26540
Foxit Reader and Foxit PhantomPDF for macOS are affected by a code injection/information disclosure vulnerability in versions prior to 4.1. The root cause is that the Hardened Runtime protection is not applied to code signing, which can allow an attacker to inject code or leak information due to ...
CVE-2020-26540
An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection or an information leak can occur...
Foxit PhantomPDF Information Disclosure Vulnerability (CNVD-2020-62458)
PhantomPDF is PDF document processing software for enterprise-level users, made by the Chinese company Foxit. An information disclosure vulnerability exists in Foxit PhantomPDF's handling of U3D objects embedded in PDF files. The vulnerability stems from improper validation of user-supplied data. A...
Foxit PhantomPDF Elevation of Privilege Vulnerability
PhantomPDF is PDF document processing software for enterprise-level users, made by the Chinese company Foxit. An elevation of privilege vulnerability exists in Foxit PhantomPDF 10.0.1.35811 and earlier versions in the handling of configuration files used by the update service. The vulnerability ste...
Foxit PhantomPDF Remote Code Execution Vulnerability (CNVD-2020-62464)
PhantomPDF is PDF document processing software for enterprise-level users, made by the Chinese company Foxit. A remote code execution vulnerability exists in Foxit PhantomPDF's handling of U3D objects embedded in PDF files. The vulnerability stems from a failure to properly validate the length of...
Foxit PhantomPDF Remote Code Execution Vulnerability (CNVD-2020-62457)
PhantomPDF is PDF document processing software for enterprise-level users, made by the Chinese company Foxit. A remote code execution vulnerability exists in the parsing of GIF files in Foxit PhantomPDF 10.0.1.35811 and earlier versions. The vulnerability stems from a failure to validate the...
Foxit PhantomPDF Remote Code Execution Vulnerability (CNVD-2020-62459)
PhantomPDF is PDF document processing software for enterprise-level users, made by the Chinese company Foxit. A remote code execution vulnerability exists in Foxit PhantomPDF's handling of U3D objects embedded in PDF files. The vulnerability stems from improper validation of user-supplied data. An...
Foxit PhantomPDF U3DBrowser U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U...
Foxit PhantomPDF GIF File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GI...
Foxit PhantomPDF U3DBrowser U3D Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Foxit PhantomPDF Update Service Incorrect Permission Assignment Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PhantomPDF. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the...
Vulnerabilities fixed in Foxit Reader and Foxit PhantomPDF
Vulnerabilities have been fixed in Foxit Reader and Foxit PhantomPDF. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (User Rights); Access to system data; Increased user privileges. Foxit has...
Foxit PhantomPDF U3DBrowser U3D File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U...
Foxit PhantomPDF < 9.7.3 Multiple Vulnerabilities
According to its version, the Foxit PhantomPDF application (formerly known as Phantom) installed on the remote Windows host is prior to 9.7.3. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for this issue but has instead relied only on the application's...
Foxit Reader and PhantomPDF Buffer Overflow Vulnerability (CNVD-2020-65176)
Foxit Reader is a PDF document reader. PhantomPDF is a PDF editor. A buffer error vulnerability exists in Foxit Reader and PhantomPDF versions prior to 10.0.1 and prior to 9.7.3, which arises from a networked system or product that performs an operation in memory without properly validating the da...