Lucene search
K
FoxitsoftwareFoxit Reader

372 matches found

CVE
CVE
added 2017/12/20 2:0 p.m.71 views

CVE-2017-16584

Foxit Reader 8.3.2.25013 contains a vulnerability in util.printf that allows read past the end of an allocated object, enabling information disclosure. Exploitation requires user interaction (e.g., visiting a malicious page or opening a malicious file) and can be combined with other flaws to exec...

6.5CVSS7.2AI score0.02578EPSS
CVE
CVE
added 2018/04/24 8:0 p.m.71 views

CVE-2017-17557

CVE-2017-17557: Foxit Reader < 9.1 and Foxit PhantomPDF

8.8CVSS8.7AI score0.03643EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.71 views

CVE-2021-31452

Foxit Reader 10.1.1.37576 and earlier is affected by a remote code execution vulnerability in the handling of XFA forms. The issue stems from insufficient validation of user-supplied data, leading to a write past the end of an allocated data structure and enabling code execution in the attacker’s...

7.8CVSS8.4AI score0.02933EPSS
CVE
CVE
added 2023/11/27 3:25 p.m.71 views

CVE-2023-40194

Foxit Reader 12.1.3.15356 contains an arbitrary file creation vulnerability in the Javascript exportDataObject API due to whitespace handling. A crafted malicious file can create files at arbitrary locations, potentially enabling arbitrary code execution. Exploitation requires user action (openin...

8.8CVSS8.6AI score0.02001EPSS
CVE
CVE
added 2017/10/31 7:0 p.m.70 views

CVE-2017-10953

CVE-2017-10953 affects Foxit Reader (up to 8.3.1.21155). The flaw is in the gotoURL method, where an unvalidated user-supplied string is used to perform a system call, enabling remote code execution. Exploitation requires user interaction (victim opens a malicious file or visits a crafted page). ...

8.8CVSS8.8AI score0.03195EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.70 views

CVE-2018-14248

CVE-2018-14248 affects Foxit Reader (FXR) with a vulnerability in the exportAsXFDF method that can trigger a type-confusion condition and lead to remote Code Execution. The issue requires user interaction (visiting a malicious page or opening a malicious file) and is documented in advisories such...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.70 views

CVE-2018-14304

Foxit Reader vulnerable to a Use-After-Free in the Text annotation handling that can allow remote code execution. Affected products include Foxit Reader prior to version 9.2.0.9097 (and Foxit PhantomPDF), with exploitation requiring user interaction (visiting a malicious page or opening a crafted...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2020/10/13 5:10 p.m.70 views

CVE-2020-17416

CVE-2020-17416 affects Foxit Reader (and related Foxit PhantomPDF components) where the flaw is in JPEG2000 image parsing. The vulnerability is an out-of-bounds write that can allow remote code execution in the context of the affected process. It requires user interaction (target must open a mali...

7.8CVSS7.8AI score0.09084EPSS
CVE
CVE
added 2021/03/30 2:35 p.m.70 views

CVE-2021-27261

CVE-2021-27261 affects Foxit PhantomPDF (v10.1.0.37527) and is caused by improper validation in the handling of PDF U3D objects, leading to an out-of-bounds read and remote code execution. The vulnerability allows an attacker to run arbitrary code in the context of the current process when a user...

7.8CVSS7.8AI score0.02691EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.69 views

CVE-2017-14823

CVE-2017-14823 affects Foxit Reader 8.3.1.21155. The flaw is in the signer method of XFA’s Signature objects, caused by inadequate validation, leading to a type confusion that enables remote code execution in the context of the current process. Exploitation requires user interaction (visiting a m...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.69 views

CVE-2018-14250

CVE-2018-14250 affects Foxit Reader (and Foxit PhantomPDF) with a getAnnot type-confusion vulnerability that allows remote code execution. Root cause: type confusion in getAnnot triggered by JavaScript actions, requiring user interaction (visiting a malicious page or opening a malicious file). Ex...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.69 views

CVE-2018-14260

Foxit Reader CVE-2018-14260 is a type-confusion remote code execution in getPageRotation that affects Foxit Reader 9.0.1.1049. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The flaw lets an attacker execute code in the current process context via ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.69 views

CVE-2018-14292

CVE-2018-14292 affects Foxit Reader (e.g., 9.0.1.5096 and older) where a vulnerability in PDF parsing can cause a use-after-free in document element handling, enabling remote code execution in the current process. Exploitation requires user interaction (target must open a malicious page or file)....

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.69 views

CVE-2018-14303

Overview: CVE-2018-14303 affects Foxit Reader 9.0.1.5096 and Foxit PhantomPDF pre-9.2.0.9097. The flaw exists in StrikeOut annotation handling and is a use-after-free vulnerability that can allow remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/20 12:0 p.m.69 views

CVE-2018-14442

Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free vulnerability that leads to Remote Code Execution. The connected documents consistently identify a memory misreference/UAF as the root cause and confirm impact as RCE. No exploit details or in-the-wild status are provided. Re...

9.8CVSS9.5AI score0.04739EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.69 views

CVE-2019-6761

Foxit Reader 9.4.0.16811 is affected by a vulnerability in the XFA CXFA_FFDocView object where the code fails to validate the existence of an object before performing operations, enabling arbitrary code execution. Exploitation requires user interaction (visitor to a malicious page/file). The issu...

7.8CVSS7.8AI score0.03484EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.69 views

CVE-2019-6766

CVE-2019-6766 affects Foxit Reader 9.4.1.16828. The flaw is in removeField for AcroForms, caused by not validating the existence of the target object before operations. This enables remote information disclosure; exploitation requires user interaction (visiting a malicious page or opening a malic...

5.5CVSS5.5AI score0.02652EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.69 views

CVE-2021-31450

CVE-2021-31450 affects Foxit Reader 10.1.1.37576 (and related versions) where a fault in handling XFA forms permits remote code execution after tricking a user into opening a malicious page or file. The root cause is a failure to validate the existence of an object before performing operations on...

7.8CVSS8.4AI score0.02784EPSS
CVE
CVE
added 2017/10/31 7:0 p.m.68 views

CVE-2017-10945

Foxit Reader 8.3.0.14878 (and earlier) is affected by CVE-2017-10945 due to a use-after-free in the app.alert function caused by not validating an object before operations. This enables remote code execution with user interaction required (target must open a malicious file/page). Related advisori...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/01/23 6:49 a.m.68 views

CVE-2017-5556

The CVE-2017-5556 issue affects Foxit Reader (ConvertToPDF plugin) and Foxit PhantomPDF on Windows, where the ConvertToPDF plugin is vulnerable before version 8.2 when the gflags app is enabled. A crafted JPEG image can trigger an out-of-bounds read, causing a denial of service (application crash...

8.1CVSS7.9AI score0.0377EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.68 views

CVE-2018-10483

Foxit Reader 9.0.0.29935 is affected by CVE-2018-10483. The issue occurs in the parsing of U3D Clod Progressive Mesh objects and results from improper validation of user-supplied data, causing a write past the end of an allocated object . This enables remote code execution in the context of the c...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.68 views

CVE-2018-14243

CVE-2018-14243 concerns Foxit Reader. Multiple connected sources (ZDI-18-703, CNVD-2018-14462, OpenVAS entry) describe a type confusion vulnerability in the addPageOpenJSMessage method that allows remote code execution when a user opens a malicious page/file and executes JavaScript. Affected prod...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.68 views

CVE-2018-14279

Foxit Reader CVE-2018-14279 is a remote code execution due to a type confusion in the resetForm method. Exploitation requires user interaction (visit a malicious page or open a malicious file). Affected product scope includes Foxit Reader (versions before the latest provided in advisories) and is...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.68 views

CVE-2019-6762

CVE-2019-6762 affects Foxit PhantomPDF 9.4.1.16828. The flaw occurs in the HTML-to-PDF conversion where the code fails to validate the existence of an object before performing operations, enabling remote code execution in the context of the current process. User interaction is required (visiting ...

7.8CVSS7.8AI score0.03484EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.68 views

CVE-2019-6767

CVE-2019-6767 affects Foxit Reader 9.4.1.16828. The flaw is in the removeField processing of AcroForms , where the code fails to validate an object’s existence before performing operations, enabling remote code execution . Exploitation requires user interaction (visiting a malicious page or openi...

7.8CVSS7.8AI score0.03871EPSS
CVE
CVE
added 2021/03/30 2:35 p.m.68 views

CVE-2021-27270

CVE-2021-27270 affects Foxit PhantomPDF 10.1.0.37527. The flaw lies in JPEG2000 image parsing where improper validation can cause a read past the end of an allocated structure, enabling remote code execution in the context of the current process. Exploitation requires user interaction (visiting a...

7.8CVSS7.7AI score0.02692EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.68 views

CVE-2021-31451

CVE-2021-31451 affects Foxit Reader 10.1.1.37576. The issue is a code execution vulnerability in how Annotation objects are handled: the software does not verify the existence of an object before performing operations on it, which can allow an attacker to run arbitrary code in the context of the ...

7.8CVSS8.4AI score0.02784EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.68 views

CVE-2021-31455

CVE-2021-31455 affects Foxit Reader 10.1.1.37576 (and related versions) via improper validation when handling XFA forms, failing to verify object existence before operations. This allows a low-privilege attacker to execute arbitrary code in the current process after the user visits a malicious pa...

7.8CVSS8.4AI score0.02761EPSS
CVE
CVE
added 2021/08/11 9:14 p.m.68 views

CVE-2021-38569

Foxit Reader and Foxit PhantomPDF are affected by a vulnerability fixed in 10.1.4 or later. The issue allows stack consumption via recursive function calls during handling of XFA forms or linked objects, which could lead to a denial of service. Affected products are Foxit Reader and Foxit Phantom...

7.5CVSS7.5AI score0.00961EPSS
CVE
CVE
added 2015/03/30 2:0 p.m.67 views

CVE-2015-2789

Summary : CVE-2015-2789 is an unquoted Windows search path vulnerability in Foxit Reader’s Cloud plugin (Foxit Cloud Safe Update Service) affecting Foxit Reader 6.1–7.0.6.1126. This local privilege-escalation flaw can allow a non-privileged, local attacker to gain elevated privileges via a Trojan...

4.4CVSS8.7AI score0.03192EPSS
CVE
CVE
added 2017/10/31 7:0 p.m.67 views

CVE-2017-10946

Foxit Reader CVE-2017-10946 affects Foxit Reader prior to 8.2.1.6871. The flaw is in the setItem function, caused by not validating the existence of an object before operating on it, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a mal...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.67 views

CVE-2018-14252

Foxit Reader 9.0.1.1049 is affected by CVE-2018-14252 due to a type confusion in getField. Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and can lead to remote arbitrary code execution in the current process. Connected advisories (ZDI-18-712, CNVD-...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.67 views

CVE-2018-14312

CVE-2018-14312 affects Foxit Reader 9.0.1.5096 due to a use-after-free in the exportAsFDF function, caused by not validating object existence before dereferencing. This enables remote code execution when a user opens a malicious file or visits a malicious page. Connected sources confirm the vulne...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.67 views

CVE-2019-6756

CVE-2019-6756 affects Foxit PhantomPDF (version 9.4.0.16811) and Foxit Reader/PhantomPDF family in several disclosures. Description across sources indicates a vulnerability in the parsing of HTML files where the code fails to validate an object’s existence before performing operations on it. This...

5.5CVSS5.7AI score0.02784EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.67 views

CVE-2019-6757

CVE-2019-6757 affects Foxit Reader 9.4.16811. The flaw is in ConvertToPDF_x86.dll and stems from not validating the existence of an object before performing operations, enabling remote code execution after user interaction (visit a malicious page or open a malicious file). The current process con...

7.8CVSS7.8AI score0.03557EPSS
CVE
CVE
added 2020/12/22 5:58 p.m.67 views

CVE-2020-13560

CVE-2020-13560 affects Foxit PDF Reader (example: version 10.1.0.37527) and is a use-after-free in the JavaScript engine. A specially crafted PDF can trigger reuse of freed memory, enabling arbitrary code execution. User interaction is required (opening the malicious file). If the browser plugin ...

8.8CVSS8.8AI score0.02929EPSS
CVE
CVE
added 2021/03/30 2:35 p.m.67 views

CVE-2021-27264

CVE-2021-27264 affects Foxit PhantomPDF 10.1.0.37527. The vulnerability stems from improper validation in the handling of embedded U3D objects within PDF files, leading to an out-of-bounds read (read past end of an allocated object). This can allow a remote attacker who entices a user to view a m...

4.3CVSS3.8AI score0.02187EPSS
CVE
CVE
added 2017/07/07 4:0 p.m.66 views

CVE-2017-10994

Foxit CVE-2017-10994 affects Foxit Reader before 8.3.1 and Foxit PhantomPDF before 8.3.1. The vulnerability is described as an Arbitrary Write flaw that allows a remote attacker to execute arbitrary code via a crafted PDF document. Multiple connected advisories corroborate that the issue is a rem...

9.3CVSS7.6AI score0.04941EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.66 views

CVE-2018-1180

Foxit Reader 9.0.0.29935 is affected by CVE-2018-1180. The vulnerability resides in AFSimple_Calculate, due to not validating the existence of an object before performing operations, enabling remote code execution under the current process context. Exploitation requires user interaction (visiting...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/08/30 12:0 p.m.66 views

CVE-2018-14317

Foxit Reader 9.1.0.5096 is affected by a PDF processing type-confusion vulnerability that enables remote code execution when a user opens a malicious page/file. Root cause is improper validation of user-supplied data during PDF handling, allowing an attacker to execute code in the current process...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/04/19 7:0 p.m.66 views

CVE-2018-3842

CVE-2018-3842 affects Foxit PDF Reader (and related Foxit PDF components) with an exploitable use of an uninitialized pointer in the JavaScript engine. A specially crafted PDF can lead to dereference of uninitialized memory, enabling arbitrary code execution when the user opens the file; attack s...

8.8CVSS8.6AI score0.03221EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.66 views

CVE-2019-6763

Foxit CVE-2019-6763 affects Foxit Reader 9.4.1.16828 via the Foxit.FoxitReader.Ctl ActiveX object’s ToggleFormsDesign method. The root cause is failure to validate the existence of an object before performing operations, enabling remote code execution when a user visits a malicious page or opens ...

7.8CVSS7.8AI score0.03352EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.66 views

CVE-2019-6769

CVE-2019-6769 affects Foxit Reader 9.4.1.16828 and earlier. The flaw is in the removeField method when processing AcroForms, caused by not validating the existence of an object before operating on it, enabling arbitrary code execution in the attacker’s context after user interaction (visit a mali...

7.8CVSS7.8AI score0.04311EPSS
CVE
CVE
added 2020/12/22 5:58 p.m.66 views

CVE-2020-13570

CVE-2020-13570 is a use-after-free vulnerability in Foxit Reader/PhantomPDF (Foxit PDF Reader) JavaScript engine, affecting version 10.1.0.37527. A crafted PDF can trigger reuse of freed memory, enabling arbitrary code execution. User interaction is required to exploit; browser plugin usage can a...

8.8CVSS8.8AI score0.02239EPSS
CVE
CVE
added 2009/06/23 9:21 p.m.65 views

CVE-2009-0691

CVE-2009-0691 affects Foxit Reader 3.0 before Build 1817 with the JPEG2000/JBIG Decoder add-on prior to version 2.0.2009.616. A fatal error in decoding a JPX header can be triggered by a crafted PDF to cause memory corruption and a crash (DoS) and may enable arbitrary code execution. The vulnerab...

9.3CVSS8.2AI score0.05633EPSS
CVE
CVE
added 2010/04/05 3:15 p.m.65 views

CVE-2010-1239

Foxit Reader vulnerable to arbitrary code execution via crafted PDFs (two launch-action vectors). Affected: Foxit Reader before 3.2.1.0401. Root cause: PDF Open/Launch actions not properly restricted, enabling remote execution of programs (local or embedded). Impact: remote attacker could run arb...

9.3CVSS7.1AI score0.07534EPSS
CVE
CVE
added 2015/05/01 3:0 p.m.65 views

CVE-2015-3632

Foxit products Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF are vulnerable to multiple DoS flaws due to how they handle GIF data embedded in PDFs. Versions prior to 7.1.5 are affected; the underlying issue is memory corruption that can be triggered by a specially crafted GIF, leadi...

4.3CVSS6.9AI score0.06076EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.65 views

CVE-2017-14830

CVE-2017-14830 affects Foxit Reader 8.3.1.21155. The flaw is in the XFAScriptObject.setFocus method, caused by improper validation of user-supplied data, leading to a type confusion condition and remote code execution when a user visits a malicious page or opens a malicious file. Exploitation det...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2018/04/23 11:0 p.m.65 views

CVE-2018-10303

Foxit Reader and Foxit PhantomPDF before 9.1 are affected by a use-after-free vulnerability in Foxit’s PDF software that can allow remote code execution. The CVE-2018-10303 description ties to iDefense ID V-y0nqfutlf3. The connected documents do not provide exploitation details or a confirmed pat...

8.8CVSS8.8AI score0.02583EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.65 views

CVE-2018-11618

CVE-2018-11618 affects Foxit Reader (notably versions around 9.0.0.29935 and earlier) and is caused by a failure to validate the existence of an object before performing operations in the resetForm method, leading to a remote code execution via user interaction. The vulnerability is documented as...

8.8CVSS8.8AI score0.02773EPSS
Total number of security vulnerabilities372