372 matches found
CVE-2017-16584
Foxit Reader 8.3.2.25013 contains a vulnerability in util.printf that allows read past the end of an allocated object, enabling information disclosure. Exploitation requires user interaction (e.g., visiting a malicious page or opening a malicious file) and can be combined with other flaws to exec...
CVE-2017-17557
CVE-2017-17557: Foxit Reader < 9.1 and Foxit PhantomPDF
CVE-2021-31452
Foxit Reader 10.1.1.37576 and earlier is affected by a remote code execution vulnerability in the handling of XFA forms. The issue stems from insufficient validation of user-supplied data, leading to a write past the end of an allocated data structure and enabling code execution in the attacker’s...
CVE-2023-40194
Foxit Reader 12.1.3.15356 contains an arbitrary file creation vulnerability in the Javascript exportDataObject API due to whitespace handling. A crafted malicious file can create files at arbitrary locations, potentially enabling arbitrary code execution. Exploitation requires user action (openin...
CVE-2017-10953
CVE-2017-10953 affects Foxit Reader (up to 8.3.1.21155). The flaw is in the gotoURL method, where an unvalidated user-supplied string is used to perform a system call, enabling remote code execution. Exploitation requires user interaction (victim opens a malicious file or visits a crafted page). ...
CVE-2018-14248
CVE-2018-14248 affects Foxit Reader (FXR) with a vulnerability in the exportAsXFDF method that can trigger a type-confusion condition and lead to remote Code Execution. The issue requires user interaction (visiting a malicious page or opening a malicious file) and is documented in advisories such...
CVE-2018-14304
Foxit Reader vulnerable to a Use-After-Free in the Text annotation handling that can allow remote code execution. Affected products include Foxit Reader prior to version 9.2.0.9097 (and Foxit PhantomPDF), with exploitation requiring user interaction (visiting a malicious page or opening a crafted...
CVE-2020-17416
CVE-2020-17416 affects Foxit Reader (and related Foxit PhantomPDF components) where the flaw is in JPEG2000 image parsing. The vulnerability is an out-of-bounds write that can allow remote code execution in the context of the affected process. It requires user interaction (target must open a mali...
CVE-2021-27261
CVE-2021-27261 affects Foxit PhantomPDF (v10.1.0.37527) and is caused by improper validation in the handling of PDF U3D objects, leading to an out-of-bounds read and remote code execution. The vulnerability allows an attacker to run arbitrary code in the context of the current process when a user...
CVE-2017-14823
CVE-2017-14823 affects Foxit Reader 8.3.1.21155. The flaw is in the signer method of XFA’s Signature objects, caused by inadequate validation, leading to a type confusion that enables remote code execution in the context of the current process. Exploitation requires user interaction (visiting a m...
CVE-2018-14250
CVE-2018-14250 affects Foxit Reader (and Foxit PhantomPDF) with a getAnnot type-confusion vulnerability that allows remote code execution. Root cause: type confusion in getAnnot triggered by JavaScript actions, requiring user interaction (visiting a malicious page or opening a malicious file). Ex...
CVE-2018-14260
Foxit Reader CVE-2018-14260 is a type-confusion remote code execution in getPageRotation that affects Foxit Reader 9.0.1.1049. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The flaw lets an attacker execute code in the current process context via ...
CVE-2018-14292
CVE-2018-14292 affects Foxit Reader (e.g., 9.0.1.5096 and older) where a vulnerability in PDF parsing can cause a use-after-free in document element handling, enabling remote code execution in the current process. Exploitation requires user interaction (target must open a malicious page or file)....
CVE-2018-14303
Overview: CVE-2018-14303 affects Foxit Reader 9.0.1.5096 and Foxit PhantomPDF pre-9.2.0.9097. The flaw exists in StrikeOut annotation handling and is a use-after-free vulnerability that can allow remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a...
CVE-2018-14442
Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free vulnerability that leads to Remote Code Execution. The connected documents consistently identify a memory misreference/UAF as the root cause and confirm impact as RCE. No exploit details or in-the-wild status are provided. Re...
CVE-2019-6761
Foxit Reader 9.4.0.16811 is affected by a vulnerability in the XFA CXFA_FFDocView object where the code fails to validate the existence of an object before performing operations, enabling arbitrary code execution. Exploitation requires user interaction (visitor to a malicious page/file). The issu...
CVE-2019-6766
CVE-2019-6766 affects Foxit Reader 9.4.1.16828. The flaw is in removeField for AcroForms, caused by not validating the existence of the target object before operations. This enables remote information disclosure; exploitation requires user interaction (visiting a malicious page or opening a malic...
CVE-2021-31450
CVE-2021-31450 affects Foxit Reader 10.1.1.37576 (and related versions) where a fault in handling XFA forms permits remote code execution after tricking a user into opening a malicious page or file. The root cause is a failure to validate the existence of an object before performing operations on...
CVE-2017-10945
Foxit Reader 8.3.0.14878 (and earlier) is affected by CVE-2017-10945 due to a use-after-free in the app.alert function caused by not validating an object before operations. This enables remote code execution with user interaction required (target must open a malicious file/page). Related advisori...
CVE-2017-5556
The CVE-2017-5556 issue affects Foxit Reader (ConvertToPDF plugin) and Foxit PhantomPDF on Windows, where the ConvertToPDF plugin is vulnerable before version 8.2 when the gflags app is enabled. A crafted JPEG image can trigger an out-of-bounds read, causing a denial of service (application crash...
CVE-2018-10483
Foxit Reader 9.0.0.29935 is affected by CVE-2018-10483. The issue occurs in the parsing of U3D Clod Progressive Mesh objects and results from improper validation of user-supplied data, causing a write past the end of an allocated object . This enables remote code execution in the context of the c...
CVE-2018-14243
CVE-2018-14243 concerns Foxit Reader. Multiple connected sources (ZDI-18-703, CNVD-2018-14462, OpenVAS entry) describe a type confusion vulnerability in the addPageOpenJSMessage method that allows remote code execution when a user opens a malicious page/file and executes JavaScript. Affected prod...
CVE-2018-14279
Foxit Reader CVE-2018-14279 is a remote code execution due to a type confusion in the resetForm method. Exploitation requires user interaction (visit a malicious page or open a malicious file). Affected product scope includes Foxit Reader (versions before the latest provided in advisories) and is...
CVE-2019-6762
CVE-2019-6762 affects Foxit PhantomPDF 9.4.1.16828. The flaw occurs in the HTML-to-PDF conversion where the code fails to validate the existence of an object before performing operations, enabling remote code execution in the context of the current process. User interaction is required (visiting ...
CVE-2019-6767
CVE-2019-6767 affects Foxit Reader 9.4.1.16828. The flaw is in the removeField processing of AcroForms , where the code fails to validate an object’s existence before performing operations, enabling remote code execution . Exploitation requires user interaction (visiting a malicious page or openi...
CVE-2021-27270
CVE-2021-27270 affects Foxit PhantomPDF 10.1.0.37527. The flaw lies in JPEG2000 image parsing where improper validation can cause a read past the end of an allocated structure, enabling remote code execution in the context of the current process. Exploitation requires user interaction (visiting a...
CVE-2021-31451
CVE-2021-31451 affects Foxit Reader 10.1.1.37576. The issue is a code execution vulnerability in how Annotation objects are handled: the software does not verify the existence of an object before performing operations on it, which can allow an attacker to run arbitrary code in the context of the ...
CVE-2021-31455
CVE-2021-31455 affects Foxit Reader 10.1.1.37576 (and related versions) via improper validation when handling XFA forms, failing to verify object existence before operations. This allows a low-privilege attacker to execute arbitrary code in the current process after the user visits a malicious pa...
CVE-2021-38569
Foxit Reader and Foxit PhantomPDF are affected by a vulnerability fixed in 10.1.4 or later. The issue allows stack consumption via recursive function calls during handling of XFA forms or linked objects, which could lead to a denial of service. Affected products are Foxit Reader and Foxit Phantom...
CVE-2015-2789
Summary : CVE-2015-2789 is an unquoted Windows search path vulnerability in Foxit Reader’s Cloud plugin (Foxit Cloud Safe Update Service) affecting Foxit Reader 6.1–7.0.6.1126. This local privilege-escalation flaw can allow a non-privileged, local attacker to gain elevated privileges via a Trojan...
CVE-2017-10946
Foxit Reader CVE-2017-10946 affects Foxit Reader prior to 8.2.1.6871. The flaw is in the setItem function, caused by not validating the existence of an object before operating on it, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a mal...
CVE-2018-14252
Foxit Reader 9.0.1.1049 is affected by CVE-2018-14252 due to a type confusion in getField. Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and can lead to remote arbitrary code execution in the current process. Connected advisories (ZDI-18-712, CNVD-...
CVE-2018-14312
CVE-2018-14312 affects Foxit Reader 9.0.1.5096 due to a use-after-free in the exportAsFDF function, caused by not validating object existence before dereferencing. This enables remote code execution when a user opens a malicious file or visits a malicious page. Connected sources confirm the vulne...
CVE-2019-6756
CVE-2019-6756 affects Foxit PhantomPDF (version 9.4.0.16811) and Foxit Reader/PhantomPDF family in several disclosures. Description across sources indicates a vulnerability in the parsing of HTML files where the code fails to validate an object’s existence before performing operations on it. This...
CVE-2019-6757
CVE-2019-6757 affects Foxit Reader 9.4.16811. The flaw is in ConvertToPDF_x86.dll and stems from not validating the existence of an object before performing operations, enabling remote code execution after user interaction (visit a malicious page or open a malicious file). The current process con...
CVE-2020-13560
CVE-2020-13560 affects Foxit PDF Reader (example: version 10.1.0.37527) and is a use-after-free in the JavaScript engine. A specially crafted PDF can trigger reuse of freed memory, enabling arbitrary code execution. User interaction is required (opening the malicious file). If the browser plugin ...
CVE-2021-27264
CVE-2021-27264 affects Foxit PhantomPDF 10.1.0.37527. The vulnerability stems from improper validation in the handling of embedded U3D objects within PDF files, leading to an out-of-bounds read (read past end of an allocated object). This can allow a remote attacker who entices a user to view a m...
CVE-2017-10994
Foxit CVE-2017-10994 affects Foxit Reader before 8.3.1 and Foxit PhantomPDF before 8.3.1. The vulnerability is described as an Arbitrary Write flaw that allows a remote attacker to execute arbitrary code via a crafted PDF document. Multiple connected advisories corroborate that the issue is a rem...
CVE-2018-1180
Foxit Reader 9.0.0.29935 is affected by CVE-2018-1180. The vulnerability resides in AFSimple_Calculate, due to not validating the existence of an object before performing operations, enabling remote code execution under the current process context. Exploitation requires user interaction (visiting...
CVE-2018-14317
Foxit Reader 9.1.0.5096 is affected by a PDF processing type-confusion vulnerability that enables remote code execution when a user opens a malicious page/file. Root cause is improper validation of user-supplied data during PDF handling, allowing an attacker to execute code in the current process...
CVE-2018-3842
CVE-2018-3842 affects Foxit PDF Reader (and related Foxit PDF components) with an exploitable use of an uninitialized pointer in the JavaScript engine. A specially crafted PDF can lead to dereference of uninitialized memory, enabling arbitrary code execution when the user opens the file; attack s...
CVE-2019-6763
Foxit CVE-2019-6763 affects Foxit Reader 9.4.1.16828 via the Foxit.FoxitReader.Ctl ActiveX object’s ToggleFormsDesign method. The root cause is failure to validate the existence of an object before performing operations, enabling remote code execution when a user visits a malicious page or opens ...
CVE-2019-6769
CVE-2019-6769 affects Foxit Reader 9.4.1.16828 and earlier. The flaw is in the removeField method when processing AcroForms, caused by not validating the existence of an object before operating on it, enabling arbitrary code execution in the attacker’s context after user interaction (visit a mali...
CVE-2020-13570
CVE-2020-13570 is a use-after-free vulnerability in Foxit Reader/PhantomPDF (Foxit PDF Reader) JavaScript engine, affecting version 10.1.0.37527. A crafted PDF can trigger reuse of freed memory, enabling arbitrary code execution. User interaction is required to exploit; browser plugin usage can a...
CVE-2009-0691
CVE-2009-0691 affects Foxit Reader 3.0 before Build 1817 with the JPEG2000/JBIG Decoder add-on prior to version 2.0.2009.616. A fatal error in decoding a JPX header can be triggered by a crafted PDF to cause memory corruption and a crash (DoS) and may enable arbitrary code execution. The vulnerab...
CVE-2010-1239
Foxit Reader vulnerable to arbitrary code execution via crafted PDFs (two launch-action vectors). Affected: Foxit Reader before 3.2.1.0401. Root cause: PDF Open/Launch actions not properly restricted, enabling remote execution of programs (local or embedded). Impact: remote attacker could run arb...
CVE-2015-3632
Foxit products Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF are vulnerable to multiple DoS flaws due to how they handle GIF data embedded in PDFs. Versions prior to 7.1.5 are affected; the underlying issue is memory corruption that can be triggered by a specially crafted GIF, leadi...
CVE-2017-14830
CVE-2017-14830 affects Foxit Reader 8.3.1.21155. The flaw is in the XFAScriptObject.setFocus method, caused by improper validation of user-supplied data, leading to a type confusion condition and remote code execution when a user visits a malicious page or opens a malicious file. Exploitation det...
CVE-2018-10303
Foxit Reader and Foxit PhantomPDF before 9.1 are affected by a use-after-free vulnerability in Foxit’s PDF software that can allow remote code execution. The CVE-2018-10303 description ties to iDefense ID V-y0nqfutlf3. The connected documents do not provide exploitation details or a confirmed pat...
CVE-2018-11618
CVE-2018-11618 affects Foxit Reader (notably versions around 9.0.0.29935 and earlier) and is caused by a failure to validate the existence of an object before performing operations in the resetForm method, leading to a remote code execution via user interaction. The vulnerability is documented as...