158 matches found
Type confusion
A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker...
CVE-2023-39542
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerabilit...
CVE-2023-40194
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker nee...
CVE-2023-40194
Foxit Reader 12.1.3.15356 contains an arbitrary file creation vulnerability in the Javascript exportDataObject API due to whitespace handling. A crafted malicious file can create files at arbitrary locations, potentially enabling arbitrary code execution. Exploitation requires user action (openin...
CVE-2023-32616
A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...
CVE-2023-38573
A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...
PT-2023-7346 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader versions 12.1.2.15356 Description: The issue is related to a type confusion vulnerability in the way Foxit Reader handles field value properties. This can be triggered by a specially crafted Javascript code inside a malicious...
PT-2023-7350 · Foxit · Foxit Reader
Name of the Vulnerable Software and Affected Versions: Foxit Reader version 12.1.2.15356 Description: A use-after-free issue exists in the way Foxit Reader handles 3D annotations. This can be triggered by a specially crafted Javascript code inside a malicious PDF document, leading to memory...
PT-2023-8582 · Foxit · Foxit Reader
Name of the Vulnerable Software and Affected Versions: Foxit Reader version 12.1.3.15356 Description: The issue is related to the exportDataObject API in Foxit Reader, which fails to properly validate a dangerous extension, leading to an arbitrary file creation vulnerability. This can allow an...
Foxit PDF Editor < 11.2.7 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor application previously named Foxit PhantomPDF installed on the remote Windows host is prior to 11.2.7. It is, therefore affected by multiple vulnerabilities: - A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF...
Foxit PDF Editor for Mac < 11.1.5 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor for Mac application previously named Foxit PhantomPDF for Mac installed on the remote macOS host is prior to 11.1.5. It is, therefore affected by multiple vulnerabilities: - A use-after-free vulnerability exists in the JavaScript engine of Foxit...
Foxit PDF Editor for Mac < 12.1.1 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor for Mac application previously named Foxit PhantomPDF for Mac installed on the remote macOS host is prior to 12.1.1. It is, therefore affected by multiple vulnerabilities: - A use-after-free vulnerability exists in the JavaScript engine of Foxit...
CVE-2023-33876
A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. Specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. ...
CVE-2023-28744
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. A specially crafted PDF document can trigger the reuse of previously freed memory by manipulating form fields of a specific type. This can lead to memory corruption and arbitrary...
CVE-2023-33866
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution...
Design/Logic Flaw
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. A specially crafted PDF document can trigger the reuse of previously freed memory by manipulating form fields of a specific type. This can lead to memory corruption and arbitrary...
CVE-2023-28744
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. A specially crafted PDF document can trigger the reuse of previously freed memory by manipulating form fields of a specific type. This can lead to memory corruption and arbitrary...
CVE-2023-27379
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution...
CVE-2023-33866
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution...
CVE-2023-33866
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution...