66 matches found
CVE-2022-43649
CVE-2022-43649 affects Foxit PDF Reader 12.0.2.12465, where the flaw in handling Annotation objects occurs due to not validating object existence before operations, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). Refe...
CVE-2022-24356
Foxit PDF Reader for macOS (CVE-2022-24356) is affected by an onMouseExit out-of-bounds/read past end vulnerability in the 11.0.1.0719 build, enabling code execution with user interaction (visit a malicious page or open a crafted file). Root cause: insufficient validation of user data leading to ...
CVE-2022-27944
CVE-2022-27944 affects Foxit PDF Reader before 12.0.1 and Foxit PDF Editor before 12.0.1, where an exportXFAData NULL pointer dereference is possible. Connected sources corroborate the issue across NVD/NCSC/Nessus entries. Impact described as NULL pointer dereference; no explicit exploit details ...
CVE-2022-24370
CVE-2022-24370 affects Foxit PDF Reader for macOS (e.g., Foxit Reader 11.0.1.0719 and older). The root cause is improper validation of user-supplied data in XFA forms, leading to an out-of-bounds read (read past the end of an allocated object). This can disclose sensitive information and, in comb...
CVE-2022-25108
CVE-2022-25108 affects Foxit PDF Reader and Foxit PDF Editor (PhantomPDF) prior to specific versions: Foxit PDF Reader/Editor before 11.2.1 and PhantomPDF before 10.1.7. The vulnerability is a NULL pointer dereference during PDF parsing caused by using an unvalidated pointer. This issue is docume...
CVE-2024-25858
Foxit CVE-2024-25858 affects Foxit PDF Reader and PDF Editor prior to 2024.1. The issue enables code execution through JavaScript due to an unoptimized prompt message when users review command parameters. It is a local-attack vector with no user interaction required (per CVSS data: AV:L/AC:L/PR:N...
CVE-2022-26979
CVE-2022-26979 affects Foxit PDF Reader before 12.0.1 and Foxit PDF Editor before 12.0.1, where a NULL pointer dereference can occur when this.Span is used for oState of Collab.addStateModel because this.Span.text can be NULL. The vulnerability is documented across multiple sources (NVD/NCSC/Ness...
CVE-2022-27359
CVE-2022-27359 affects Foxit PDF Reader/Editor prior to 12.0.1, with a NULL pointer dereference in this.maildoc (and related NULL-pointer issues such as this.Span for oState and exportXFAData in related CVEs). Connected sources corroborate multiple Foxit vulnerabilities in the same product family...
CVE-2023-27363
Foxit CVE-2023-27363 affects Foxit PDF Reader/Editor (including PhantomPDF lineage) via exportXFAData. The flaw arises from a JavaScript interface that allows writing arbitrary files, enabling remote code execution in the user context. Exploitation requires user interaction (visiting a malicious ...
CVE-2024-30334
Foxit PDF Reader (and related Foxit PDF Editor versions) contains a Doc Object Use-After-Free Remote Code Execution vulnerability. The flaw arises from not validating the existence of an object before performing operations on Doc objects, allowing an attacker to execute code in the context of the...
CVE-2026-5940
Summary of CVE-2026-5940 : Foxit PDF Editor/Reader contains a use-after-free vulnerability in the annotation flow. The issue arises when a function triggers a UI refresh after removing comments via a script, which may access an invalidated object and cause a crash. The CVE record cites a CVSS v3....
CVE-2023-38117
CVE-2023-38117 affects Foxit PDF Reader (AcroForm Doc Object) and is a Use-After-Free in handling Doc objects, caused by not validating object existence before operations. This can allow remote code execution with the attacker hosting a malicious page or file, requiring user interaction. The vuln...
CVE-2023-38107
CVE-2023-38107 is a Foxit PDF Reader/Editor vulnerability in the handling of Annotation objects. The flaw stems from not validating the existence of an object before performing operations, allowing an attacker to achieve remote code execution in the context of the current process. Exploitation re...
CVE-2023-27330
CVE-2023-27330 describes a remote code execution flaw in Foxit PDF Reader tied to the handling of XFA annotations. The root cause is the lack of validating the existence of an Annotation object before performing operations, enabling an attacker to run code in the process context after a user open...
CVE-2023-27366
CVE-2023-27366 affects Foxit PDF Reader. It is a Doc object handling Use-After-Free vulnerability that allows an attacker to execute code in the context of the current process. Exploitation requires user interaction (target visits a malicious page or opens a malicious file). The vulnerability is ...
CVE-2023-38113
CVE-2023-38113 affects Foxit PDF Reader/Editor (Annotation handling).根The flaw is Use-After-Free in Annotation objects due to missing validation of object existence, enabling information disclosure and potential arbitrary code execution when paired with other vulnerabilities. Exploitation require...
CVE-2024-30347
Foxit PDF Reader CVE-2024-30347 describes an information-disclosure vulnerability in the U3D file parsing path. The flaw stems from insufficient validation of user-supplied data, allowing a read past the end of an allocated object and potentially exposing sensitive information. Exploitation requi...
CVE-2024-32488
CVE-2024-32488 describes a local privilege escalation in Foxit PDF Reader and Editor prior to 2024.1. The root cause is weak permissions on the update-service folder, which could allow an attacker to drop crafted DLLs during update checks and gain higher privileges. Affected component: update mec...
CVE-2022-24908
CVE-2022-24908 affects Foxit PDF Reader 11.1.0.52543. The flaw is in parsing JP2 images, where crafted data can trigger a read past the end of an allocated buffer, allowing remote code execution in the context of the current process. Exploitation requires user interaction (visiting a malicious pa...
CVE-2024-30330
CVE-2024-30330 is a Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution vulnerability. The flaw arises from not validating the existence of an object before performing operations on Doc objects within AcroForms, allowing an attacker to execute code in the current process. Exploitation ...
CVE-2023-27365
CVE-2023-27365 affects Foxit PDF Editor (and related Foxit PhantomPDF components) via a flaw in DOC file parsing where macro-enabled documents are not properly restricted. An attacker can trigger arbitrary code execution by convincing a user to open a malicious DOC/file or visit a malicious page,...
CVE-2023-38112
CVE-2023-38112 affects Foxit PDF Reader (XFA Annotation) with a use-after-free in the handling of Annotation objects. The flaw arises from not validating the existence of an object before performing operations, enabling an attacker to execute arbitrary code in the current process. Impact is high ...
CVE-2023-27329
CVE-2023-27329 affects Foxit PDF Reader. The vulnerability is a Use-After-Free in Annotation handling caused by not validating object existence before operations, enabling arbitrary code execution in the process context. Exploitation requires user interaction (target visits a malicious page or op...
CVE-2023-38111
CVE-2023-38111 affects Foxit PDF Reader/Editor where the fault lies in how annotation objects are handled. The vulnerability is a use-after-free caused by not validating the existence of an object before performing operations on it, enabling code execution in the context of the current process. I...
CVE-2022-24907
CVE-2022-24907 affects Foxit PDF Reader 11.1.0.52543. The flaw lies in JP2 image parsing, where crafted JP2 data can trigger a read past the end of an allocated buffer, allowing remote code execution in the context of the current process. User interaction is required (visiting a malicious page or...
CVE-2022-37385
CVE-2022-37385 (Foxit PDF Reader version 11.2.1.53537) is a renderer/process‑level vulnerability originating from the handling of Doc objects where the code fails to validate the existence of an object before performing operations. This allows remote attackers to execute arbitrary code in the con...
CVE-2023-38110
The CVE-2023-38110 entry covers Foxit PDF Reader: an out-of-bounds read in AcroForm Doc objects due to insufficient validation of user-supplied data. This can disclose sensitive information and, in combination with other vulnerabilities, could enable arbitrary code execution in the target process...
CVE-2024-30333
CVE-2024-30333 is a Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution vulnerability. The flaw arises from not validating the existence of a Doc object before performing operations, enabling an attacker to execute code in the process context. Exploitation requires user interaction (...
CVE-2024-30366
Foxit PDF Reader/Editor is affected by an AcroForm Use-After-Free remote code execution (CVE-2024-30366). The flaw arises from not validating object existence before operating on it, enabling code execution in the current process when a user opens a malicious file/page. Exploitation requires user...
CVE-2022-43641
CVE-2022-43641 affects Foxit PDF Reader 12.0.1.12430. The issue arises in parsing U3D files due to not validating an object's existence before operations, enabling information disclosure and, with other vulnerabilities, potential arbitrary code execution in the target process. Exploitation requir...
CVE-2022-43638
CVE-2022-43638 affects Foxit PDF Reader 12.0.1.12430. The flaw is in U3D file parsing, arising from not validating the existence of an object before performing operations, which can allow a remote attacker to execute arbitrary code. Exploitation requires user interaction (target must visit a mali...
CVE-2023-27331
CVE-2023-27331 affects Foxit PDF Reader (annotation handling). The vulnerability is a Use-After-Free in the processing of Annotation objects that can allow remote code execution in the context of the current process. Exploitation requires user interaction (visiting a malicious page or opening a m...
CVE-2023-27364
Foxit PDF Editor is affected by CVE-2023-27364: a remote code execution vulnerability in XLS file parsing due to insufficient restrictions on macro-enabled documents. An attacker can entice a user to open a malicious XLS or visit a malicious page, causing code execution in the target process. Use...
CVE-2023-38109
CVE-2023-38109 concerns Foxit PDF Reader. The issue occurs in the handling of Doc objects and stems from insufficient validation of user-supplied data, causing an out-of-bounds read (read past end of a buffer). The vulnerability can lead to disclosure of sensitive information on affected installa...
CVE-2024-30332
Foxit PDF Reader is affected by a Doc Object Use-After-Free Remote Code Execution vulnerability (CVE-2024-30332). The flaw stems from not validating the existence of a Doc object before performing operations, enabling code execution in the context of the current process. The issue requires user i...
CVE-2022-37376
CVE-2022-37376 affects Foxit PDF Editor 11.1.1.53537. The flaw lies in the handling of arrays, where actions in JavaScript can trigger a read past the end of an allocated object, enabling sensitive information disclosure. User interaction is required (target must visit a malicious page or open a ...
CVE-2022-37380
Foxit PDF Reader 11.2.1.53537 is affected by a vulnerability in the handling of ADBC objects that can be triggered by JavaScript actions, allowing read past the end of an allocated object. An attacker could leverage this with other vulnerabilities to execute arbitrary code in the context of the c...
CVE-2022-37381
CVE-2022-37381 affects Foxit PDF Reader. The flaw is in the AFSpecial_KeystrokeEx method, arising from not validating the existence of an object before performing operations, which allows an attacker to execute code in the context of the current process. Exploitation requires user interaction (th...
CVE-2024-30329
CVE-2024-30329 concerns Foxit PDF Reader/Viewer: an Annotation Use-After-Free vulnerability in the handling of Annotation objects. The flaw arises from not validating object existence before performing operations, enabling an information disclosure exposure on affected installations. The descript...
CVE-2022-37386
CVE-2022-37386 affects Foxit PDF Reader 11.2.2.53575. The issue is in the resetForm method, where JavaScript actions can trigger a read past the end of an allocated object. This can be leveraged with other vulnerabilities to execute arbitrary code in the target process, with user interaction requ...
CVE-2022-37388
CVE-2022-37388 affects Foxit PDF Reader 11.2.2.53575. The flaw is in PDF parsing where crafted data can trigger a read past the end of an allocated buffer, allowing remote code execution in the context of the current process. User interaction is required (visiting a malicious page or opening a ma...
CVE-2024-30331
CVE-2024-30331 affects Foxit PDF Reader/Editor (AcroForm Use-After-Free in AcroForms handling). The flaw arises from not validating object existence before operations on Doc objects, enabling code execution in the process context when a user opens a malicious file/page or visits a crafted page. T...
CVE-2022-37387
CVE-2022-37387 affects Foxit PDF Reader 11.2.2.53575. The Red Hat and NVD entries confirm the flaw is in AcroForms handling, arising from not validating the existence of an object before performing operations. This can allow code execution in the context of the current process when a user visits ...
CVE-2022-43640
The vulnerability CVE-2022-43640 affects Foxit PDF Reader 12.0.1.12430. The flaw is in PDF parsing: crafted data in a PDF can trigger a read past the end of an allocated buffer. This may allow information disclosure and, in conjunction with other issues, could enable arbitrary code execution in t...
CVE-2024-7724
Summary: CVE-2024-7724 is a Foxit PDF Reader/Editor use-after-free vulnerability in AcroForm handling that can lead to remote code execution. The exploit requires user interaction (the target must open a malicious file or visit a malicious page). Affects: Foxit PDF Reader/Editor (various versions...
CVE-2022-37378
CVE-2022-37378 affects Foxit PDF Editor 11.1.1.53537. The flaw is in the optimization of JavaScript functions, caused by not validating the existence of an object before performing operations, enabling arbitrary code execution when a user visits a malicious page or opens a malicious file. Descrip...
CVE-2022-37389
CVE-2022-37389 affects Foxit PDF Reader (11.2.2.53575). The root cause is improper handling in AcroForms due to not validating object existence before operations, enabling remote code execution when a user visits a malicious page or opens a malicious file. The vulnerability requires user interact...
CVE-2024-7723
CVE-2024-7723 is a Foxit PDF Reader/Editor use-after-free vulnerability in AcroForm handling that allows remote code execution after a user opens a malicious PDF or visits a malicious page. The flaw stems from validating the existence of an object before operations, enabling code execution in the...
CVE-2024-7722
CVE-2024-7722 is associated with Foxit PDF Reader/Editor and involves a Use-After-Free in the handling of Doc objects that can disclose information and, when combined with other vulnerabilities, may enable code execution in the impacted process. The vulnerability requires user interaction (visiti...
CVE-2024-7725
CVE-2024-7725 is a Use-After-Free in Foxit PDF Editor/Reader AcroForm handling that can allow remote code execution after user opens a malicious file or visits a malicious page. The flaw stems from not validating the existence of an object before operations, enabling code execution in the process...