270 matches found
CVE-2022-43649
CVE-2022-43649 affects Foxit PDF Reader 12.0.2.12465, where the flaw in handling Annotation objects occurs due to not validating object existence before operations, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). Refe...
CVE-2022-47881
CVE-2022-47881 affects Foxit PDF Reader and PDF Editor up to version 11.2.1.53537, describing an Out-of-Bounds Read vulnerability. Documentation from NVD (Description: “Foxit PDF Reader and PDF Editor 11.2.1.53537 and earlier has an Out-of-Bounds Read vulnerability.”) confirms the issue and the C...
CVE-2022-25641
Affected software: Foxit PDF Reader < 11.2.2, Foxit PDF Editor < 11.2.2, and PhantomPDF
CVE-2022-24368
Foxit PDF Reader 11.1.0.52543 is affected by CVE-2022-24368. The issue arises in the handling of Doc objects due to a lack of validation of an object’s existence before performing operations, which can lead to sensitive information disclosure. The description notes that an attacker can leverage t...
CVE-2022-24369
CVE-2022-24369 affects Foxit PDF Reader 11.1.0.52543. The flaw occurs in JP2 image parsing, where crafted data can trigger a write past the end of an allocated buffer, enabling arbitrary code execution in the context of the current process. User interaction is required (target must visit a malici...
CVE-2022-24360
CVE-2022-24360 (Foxit PDF Reader 11.1.0.52543) is triggered by a flaw in handling Doc objects where the program does not verify object existence before operating on it. This allows remote code execution in the context of the current process when a user visits a malicious page or opens a malicious...
CVE-2022-24358
CVE-2022-24358 affects Foxit PDF Reader 11.1.0.52543. The flaw lies in the handling of Doc objects: by performing JavaScript actions, an attacker can trigger a read past the end of an allocated buffer, enabling arbitrary code execution in the context of the current process. User interaction is re...
CVE-2022-24364
This CVE affects Foxit PDF Reader 11.1.0.52543. The flaw is in how Doc objects are handled: the code fails to validate object existence before operations, enabling remote code execution when a user opens a malicious file/page or visits a crafted site. Exploitation requires user interaction. Likel...
CVE-2022-24356
Foxit PDF Reader for macOS (CVE-2022-24356) is affected by an onMouseExit out-of-bounds/read past end vulnerability in the 11.0.1.0719 build, enabling code execution with user interaction (visit a malicious page or open a crafted file). Root cause: insufficient validation of user data leading to ...
CVE-2022-24954
Foxit PDF Reader (before 11.2.1) and Foxit PDF Editor (before 11.2.1) are affected by a Stack-Based Buffer Overflow in XFA processing, specifically related to the substrings subform colSpan="-2" and draw colSpan="1". This is the concrete vulnerability described across multiple sources (NVD, Red H...
CVE-2022-24971
Foxit PDF Reader 11.1.0.52543 is affected by a JPEG2000 image parsing flaw that allows remote code execution via crafted data. The issue arises from not validating user-supplied data, causing a read past the end of an allocated structure. Exploitation requires user interaction (visiting a malicio...
CVE-2022-24363
Foxit PDF Reader 11.1.0.52543 is affected by CVE-2022-24363 due to improper handling of Annotation objects. The flaw stems from not validating the existence of an object before performing operations, enabling remote code execution in the current process when a user visits a malicious page or open...
CVE-2022-24361
Foxit PDF Reader 11.1.0.52543 is vulnerable to remote code execution due to improper validation during JPEG2000 image parsing, causing a write past the end of an allocated structure. The flaw allows an attacker to execute code in the current process context after the user visits a malicious page ...
CVE-2022-24365
Foxit PDF Reader 11.1.0.52543 is affected by CVE-2022-24365 due to improper handling of AcroForms. The vulnerability arises from not validating the existence of an object before performing operations on it, enabling remote code execution in the context of the current process. Exploitation require...
CVE-2023-33240
CVE-2023-33240 affects Foxit PDF Reader (versions 12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all earlier 12.x, 11.x, and 10.x series) on Windows. The vulnerability is a Local Privilege Escalation caused by unprivileged users having access to an executable file of a system se...
CVE-2022-24370
CVE-2022-24370 affects Foxit PDF Reader for macOS (e.g., Foxit Reader 11.0.1.0719 and older). The root cause is improper validation of user-supplied data in XFA forms, leading to an out-of-bounds read (read past the end of an allocated object). This can disclose sensitive information and, in comb...
CVE-2022-24955
CVE-2022-24955 affects Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1, with an Uncontrolled Search Path Element for DLL files. The CVE entry is corroborated across multiple sources (NVD, Red Hat, CNVD, etc.). Public details in connected records consistently describe the issue a...
CVE-2022-27944
CVE-2022-27944 affects Foxit PDF Reader before 12.0.1 and Foxit PDF Editor before 12.0.1, where an exportXFAData NULL pointer dereference is possible. Connected sources corroborate the issue across NVD/NCSC/Nessus entries. Impact described as NULL pointer dereference; no explicit exploit details ...
CVE-2022-25108
CVE-2022-25108 affects Foxit PDF Reader and Foxit PDF Editor (PhantomPDF) prior to specific versions: Foxit PDF Reader/Editor before 11.2.1 and PhantomPDF before 10.1.7. The vulnerability is a NULL pointer dereference during PDF parsing caused by using an unvalidated pointer. This issue is docume...
CVE-2022-26979
CVE-2022-26979 affects Foxit PDF Reader before 12.0.1 and Foxit PDF Editor before 12.0.1, where a NULL pointer dereference can occur when this.Span is used for oState of Collab.addStateModel because this.Span.text can be NULL. The vulnerability is documented across multiple sources (NVD/NCSC/Ness...
CVE-2022-30557
Foxit PDF Reader and PDF Editor prior to version 11.2.2 are affected by CVE-2022-30557 due to a Type Confusion that leads to a crash from Unsigned32 mishandling during JavaScript execution. This vulnerability is documented across multiple sources (NVD, Red Hat, OpenVAS/Nessus plugins) and is asso...
CVE-2022-24366
CVE-2022-24366 affects Foxit PDF Reader 11.1.0.52543. The issue is a failure to validate the existence of an object before performing operations on it within AcroForms, allowing remote code execution in the current process. Exploitation requires user interaction (visiting a malicious page or open...
CVE-2022-28672
Foxit PDF Reader 11.2.1.53537 is affected by CVE-2022-28672 due to improper validation of object existence in Doc objects, enabling arbitrary code execution with user interaction (open a malicious file/page). Root cause: memory/object handling flaw in Doc objects. Impact: remote code execution in...
CVE-2022-27359
CVE-2022-27359 affects Foxit PDF Reader/Editor prior to 12.0.1, with a NULL pointer dereference in this.maildoc (and related NULL-pointer issues such as this.Span for oState and exportXFAData in related CVEs). Connected sources corroborate multiple Foxit vulnerabilities in the same product family...
CVE-2024-25858
CVE-2024-25858 affects Foxit PDF Reader and PDF Editor prior to 2024.1. The issue enables code execution through JavaScript due to an unoptimized prompt message when users review command parameters. The attack vector is local, with no user interaction required (per CVSS data: AV:L/AC:L/PR:N...
CVE-2021-41783
CVE-2021-41783 affects Foxit PDF Reader before 11.1, Foxit PDF Editor before 11.1, and PhantomPDF before 10.1.6. The root cause is a use-after-free triggered by mishandling JavaScript, enabling attackers to potentially execute arbitrary code. The CVSS details in the initial document show a local ...
CVE-2021-41782
CVE-2021-41782 affects Foxit PDF Reader before 11.1, PDF Editor before 11.1, and PhantomPDF before 10.1.6. The issue is a use-after-free caused by mishandling JavaScript, enabling attackers to trigger memory corruption and execute arbitrary code. Public disclosures in the provided documents corro...
CVE-2022-24357
CVE-2022-24357 affects Foxit PDF Reader 11.1.0.52543. The issue is a flaw in handling of Annotation objects caused by not validating the existence of an object before performing operations, enabling remote code execution in the context of the current process. Exploitation requires user interactio...
CVE-2022-28681
CVE-2022-28681 affects Foxit PDF Reader 11.2.1.53537. The flaw is in the deletePages method: JavaScript actions can read past the end of an allocated object, and, with other vulnerabilities, may enable code execution in the process context. Exploitation requires user interaction (visiting a malic...
CVE-2022-28670
Foxit PDF Reader 11.2.1.53537 is affected by CVE-2022-28670 due to a flaw in AcroForms handling that can trigger a read past the end of an allocated buffer, enabling disclosure of sensitive data and potentially enabling arbitrary code execution when combined with other vulnerabilities. Concrete d...
CVE-2022-24362
This CVE (CVE-2022-24362) affects Foxit PDF Reader 11.1.0.52543. The issue lies in AcroForms parsing, where the code fails to validate the existence of an object before performing operations, enabling remote code execution in the current process. Exploitation requires user interaction (the target...
CVE-2021-41785
CVE-2021-41785 affects Foxit PDF Reader prior to 11.1, Foxit PDF Editor prior to 11.1, and Foxit PhantomPDF prior to 10.1.6. The issue is a use-after-free caused by mishandling JavaScript, leading to arbitrary code execution. The vulnerability affects multiple Foxit products as described in publi...
CVE-2022-24359
CVE-2022-24359 affects Foxit PDF Reader 11.1.0.52543. The issue arises from not validating the existence of an object before performing operations on it within Doc handling, enabling arbitrary code execution in the current process when a user visits a malicious page or opens a malicious file. The...
CVE-2024-47810
Foxit Reader 2024.3.0.26795 contains a use-after-free/memory corruption flaw in the 3D page object handling that can lead to arbitrary code execution when a user opens a malicious PDF or visits a malicious site with the browser plug-in enabled. Multiple connected sources corroborate this CVE (CVE...
CVE-2022-24367
Foxit PDF Reader 11.1.0.52543 is affected by a vulnerability in AcroForms where the software fails to validate the existence of an object before performing operations, enabling remote code execution in the context of the current process when a user opens a malicious page or file. Exploitation req...
CVE-2022-28682
CVE-2022-28682 affects Foxit PDF Reader 11.2.1.53537. The issue lies in Doc object handling where JavaScript actions can trigger a read past the end of an allocated object, enabling remote code execution in the context of the current process after user interaction (visiting a malicious page or op...
CVE-2022-28671
Foxit PDF Reader 11.2.1.53537 is affected by CVE-2022-28671 due to improper validation of Doc objects, enabling code execution in the current process when a user visits a malicious page or opens a malicious file. Exploitation requires user interaction (UI:R) and the attack vector is Local with hi...
CVE-2022-28673
Foxit PDF Reader 11.2.1.53537 is affected by CVE-2022-28673 due to a Doc object handling flaw and missing validation when operating on Doc objects, enabling remote code execution with user interaction (visiting a malicious page or opening a malicious file). Exploitation can run code in the curren...
CVE-2024-30345
Foxit PDF Reader/Editor is critically vulnerable to use-after-free: AcroForm and Doc object handling flaws allow remote code execution when a user opens a malicious file or visits a malicious page. The root cause is a lack of validation of object existence before performing operations on Doc/AcroForm ...
CVE-2024-30352
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution (CVE-2024-30352) is described as a vulnerability in Foxit PDF Reader where the AcroForm handling can perform operations on objects without validating their existence, enabling code execution via a malicious page or file after user int...
CVE-2024-30371
CVE-2024-30371 affects Foxit PDF Reader (and related Foxit PDF Editor/PhantomPDF lineage) with an AcroForm Use-After-Free remote code execution. The root cause is failure to validate the existence of an object before performing operations on it within AcroForms, enabling an attacker to execute co...
CVE-2022-28679
CVE-2022-28679 affects Foxit PDF Reader 11.2.1.53537. The vulnerability is in the handling of Annotation objects and stems from not validating the existence of an object before performing operations, enabling remote code execution in the current process when a user opens a malicious file or visit...
CVE-2021-41784
CVE-2021-41784 affects Foxit PDF Reader before 11.1, Foxit PDF Editor before 11.1, and PhantomPDF before 10.1.6. The issue is a use-after-free caused by mishandling of JavaScript, enabling attackers to trigger arbitrary code execution. The vulnerability is listed with a Local attack vector and requ...
CVE-2024-30363
CVE-2024-30363 affects Foxit PDF Reader (U3D File Parsing) and related Foxit components. The issue is an out-of-bounds read caused by inadequate validation of U3D data during parsing, leading to potential information disclosure and, in combination with other flaws, possible code execution in the ...
CVE-2021-34950
CVE-2021-34950 affects Foxit PDF Reader. A flaw in how Annotation objects are validated can cause an out-of-bounds read, enabling arbitrary code execution in the context of the affected process. The vulnerability requires user interaction (visiting a malicious page or opening a malicious file). A...
CVE-2022-28674
CVE-2022-28674 affects Foxit PDF Reader 11.2.1.53537, where a flaw in the handling of Annotation objects can lead to remote code execution if a user opens a malicious file or visits a malicious page. The underlying issue is the lack of validating an object's existence before performing operations...
CVE-2021-41780
CVE-2021-41780 affects Foxit PDF Reader < 11.1, Foxit PDF Editor < 11.1, and Foxit PhantomPDF
CVE-2022-34873
CVE-2022-34873 affects Foxit PDF Reader 11.2.1.53537 (and is referenced in multiple advisories) where JavaScript actions on Annotation objects can trigger a read past the end of an allocated object, enabling sensitive data disclosure and, in conjunction with other flaws, arbitrary code execution ...
CVE-2023-27363
CVE-2023-27363 affects Foxit PDF Reader/Editor (including PhantomPDF lineage) via exportXFAData. The flaw arises from a JavaScript interface that allows writing arbitrary files, enabling remote code execution in the user context. Exploitation requires user interaction (visiting a malicious ...
CVE-2024-30365
CVE-2024-30365 affects Foxit PDF Reader/Editor (AcroForm Use-After-Free) with the flaw in AcroForms object handling: it does not validate object existence before operations, enabling arbitrary code execution in the current process after a user opens a malicious file/page. The entry references ZDI-C...