20 matches found
CVE-2019-20831
CVE-2019-20831 : Affected product is Foxit Reader/PhantomPDF with the 3D Plugin Beta prior to version 9.5.0.20733. The issue arises from void data mishandling in the plugin, which can cause the application to crash. The connected Red Hat/CVE and CNVD entries corroborate the same description. No e...
CVE-2020-17411
CVE-2020-17411 affects Foxit PhantomPDF 10.0.0.35798. The flaw is in handling of U3D objects embedded in PDF files, caused by inadequate validation of user-supplied data, leading to an information-disclosure/out-of-bounds condition (read past end of an allocated object). Exploitation requires use...
CVE-2021-31467
CVE-2021-31467 - Foxit Reader U3D parsing out-of-bounds read : The affected product is Foxit Reader 10.1.3.37598. The root cause is a lack of proper validation during U3D file parsing embedded in PDF documents, causing an out-of-bounds read of an allocated object. This information-disclosure flaw...
CVE-2019-20822
The CVE-2019-20822 issue affects Foxit Reader and PhantomPDF’s 3D Plugin Beta, with an out-of-bounds write caused by incorrect image data in versions prior to 9.7.0.29430. The vulnerability is described across multiple sources as a buffer write/overflow in the 3D Plugin, impacting the plugin comp...
CVE-2020-17412
The CVE-2020-17412 entry concerns Foxit PhantomPDF 10.0.0.35798 with a vulnerability in the handling of U3D objects embedded in PDF files. The issue arises from inadequate validation of user-supplied data, leading to a write past the end of an allocated structure and potential remote code executi...
CVE-2020-17413
Foxit PhantomPDF 10.0.0.35798 is affected by CVE-2020-17413 due to a stack-based buffer overflow when parsing U3D objects in PDFs. The root cause is improper validation of the length of user-supplied data before copying to a fixed-length stack buffer, enabling remote code execution with required ...
CVE-2021-31463
CVE-2021-31463 affects Foxit Reader 10.1.3.37598. The vulnerability stems from improper validation in the handling of U3D objects embedded in PDF files, causing an out-of-bounds read that can disclose sensitive information. Exploitation requires user interaction (the target must open a malicious ...
CVE-2021-31471
This CVE (CVE-2021-31471) affects Foxit Reader 10.1.1.37576 and relates to information disclosure via U3D object handling in PDFs. The root cause is improper validation of user-supplied data that can lead to reading past the end of an allocated object. The Red Hat, CNVD, CNNVD, CNVD, and ZDI entr...
CVE-2019-6982
Foxit 3D Plugin Beta (pre-9.4.0.16807) for Foxit Reader and PhantomPDF is affected. The vulnerability is an Out-of-Bounds Write that can cause a crash when processing certain PDF files embedding crafted 3D content, caused by improper handling of a logic exception in IFXASSERT. Connected sources c...
CVE-2021-31464
CVE-2021-31464 affects Foxit Reader 10.1.3.37598 via U3D file parsing in PDFs. Root cause: lack of proper validation leads to an out-of-bounds read in embedded U3D handling, enabling information disclosure when a user opens a malicious file/page or visits a crafted page. Documented impact is info...
CVE-2021-31466
Foxit Reader 10.1.3.37598 is affected by CVE-2021-31466 due to a flaw in U3D object handling within PDF parsing. The issue stems from inadequate validation of user-supplied data, enabling an out-of-bounds read that can lead to remote code execution in the context of the current process. Exploitat...
CVE-2021-31468
Foxit Reader 10.1.3.37598 contains a U3D file parsing vulnerability in PDFs that allows remote code execution. The flaw stems from missing validation of user-supplied data, causing an out-of-bounds read past an allocated object. Exploitation requires the user to open a malicious PDF (or visit a m...
CVE-2021-31472
CVE-2021-31472 affects Foxit Reader 10.1.1.37576. The root cause is improper validation in the handling of U3D objects within PDF files, causing a write past the end of an allocated data structure. This enables remote code execution with the attacker able to run code in the context of the current...
CVE-2019-6983
The CVE-2019-6983 issue affects Foxit 3D Plugin Beta in Foxit Reader/PhantomPDF prior to 9.4.0.16807. The vulnerability is an Integer Overflow in the 3D content handling path that can cause a crash via freeing memory in certain crafted PDF files containing 3D content. No exploit details are provi...
CVE-2021-31462
Foxit Reader 10.1.3.37598 is affected by a U3D file parsing vulnerability that leads to information disclosure. The issue arises from improper validation of user-supplied data when handling embedded U3D objects in PDFs, allowing a read past the end of an allocated object. Exploitation requires us...
CVE-2021-31469
Foxit Reader 10.1.1.37576 contains an information-disclosure/ out-of-bounds vulnerability in the handling of U3D objects embedded in PDF files. The issue arises from insufficient validation of user-supplied data, allowing read past the end of an allocated object. Exploitation requires user intera...
CVE-2021-31470
CVE-2021-31470 affects Foxit Reader 10.1.1.37576. The issue is a parsing/use-after-free in handling of U3D objects within PDFs, caused by not validating the existence of an object before performing operations. This can enable remote code execution with the current process context when a user visi...
CVE-2019-6984
Foxit 3D Plugin Beta (before 9.4.0.16807) for Foxit Reader/PhantomPDF is affected. The issue can trigger Use-After-Free or Type Confusion and crash when parsing certain PDFs that embed crafted 3D content, caused by a wild pointer. Affected component is the Foxit 3D Plugin Beta prior to version 9....
CVE-2019-6985
CVE-2019-6985 affects Foxit 3D Plugin Beta prior to 9.4.0.16807 for Foxit Reader/PhantomPDF. The issue is an out-of-bounds read in Indexing or a heap overflow caused by an array access violation when handling PDF files that embed crafted 3D content, leading to a crash. No exploitation details are...
CVE-2021-31465
CVE-2021-31465 affects Foxit Reader 10.1.3.37598. The vulnerability is in the handling of U3D objects within PDF files and stems from insufficient validation of user-supplied data, leading to a write past the end of an allocated data structure. This can allow a remote attacker to execute code in ...