Lucene search
K
FoxitsoftwareFoxit Reader

372 matches found

CVE
CVE
added 2017/10/31 7:0 p.m.65 views

CVE-2017-10947

CVE-2017-10947 affects Foxit Reader 8.2.1.6871 and Foxit PhantomPDF prior to 8.3.1, where a use-after-free in the print() function arises from not validating object existence before operations. This allows remote code execution under the process context when a user opens a crafted document or vis...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.65 views

CVE-2017-16576

CVE-2017-16576 affects Foxit Reader, notably versions around 8.3.1.21155 (and related 8.3.x lines). The root cause is in the XFA field element where the code fails to validate object existence before operating on it, enabling remote code execution when a user opens a malicious page or file and in...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.65 views

CVE-2017-16579

CVE-2017-16579 affects Foxit Reader 8.3.2.25013 (and related Foxit products). The vulnerability arises in the JPEG2000 image parsing path due to insufficient validation of user-supplied data, allowing an out-of-bounds read past the end of an allocated object. This can lead to information disclosu...

6.5CVSS7.3AI score0.02456EPSS
CVE
CVE
added 2018/04/23 11:0 p.m.65 views

CVE-2018-10303

Foxit Reader and Foxit PhantomPDF before 9.1 are affected by a use-after-free vulnerability in Foxit’s PDF software that can allow remote code execution. The CVE-2018-10303 description ties to iDefense ID V-y0nqfutlf3. The connected documents do not provide exploitation details or a confirmed pat...

8.8CVSS8.8AI score0.02583EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.65 views

CVE-2018-11618

CVE-2018-11618 affects Foxit Reader (notably versions around 9.0.0.29935 and earlier) and is caused by a failure to validate the existence of an object before performing operations in the resetForm method, leading to a remote code execution via user interaction. The vulnerability is documented as...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.65 views

CVE-2018-14275

Foxit Reader CVE-2018-14275: A type confusion in spawnPageFromTemplate in Foxit Reader (affecting versions including 9.0.1.1049) allows remote code execution when a user visits a malicious page or opens a malicious file; exploitation requires user interaction and can execute code in the current p...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.65 views

CVE-2018-14285

CVE-2018-14285 affects Foxit Reader 9.0.1.1049 (Windows) and is caused by improper validation in handling of the oneOfChild attribute, leading to a type confusion condition that allows remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.65 views

CVE-2019-6768

CVE-2019-6768 affects Foxit Reader 9.4.1.16828 (Windows). The vulnerability resides in the removeField method when processing AcroForms, caused by not validating the existence of an object before performing operations, enabling remote code execution. User interaction is required (target must visi...

7.8CVSS7.8AI score0.03128EPSS
CVE
CVE
added 2020/10/02 8:0 a.m.65 views

CVE-2020-26540

Foxit Reader and Foxit PhantomPDF for macOS are affected by a code injection/information disclosure vulnerability in versions prior to 4.1. The root cause is that the Hardened Runtime protection is not applied to code signing, which can allow an attacker to inject code or leak information due to ...

7.5CVSS7.6AI score0.00666EPSS
CVE
CVE
added 2015/03/30 2:0 p.m.64 views

CVE-2015-2790

CVE-2015-2790 affects Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF prior to 7.1. The issue is a denial-of-service caused by memory corruption triggered by a crafted GIF image, specifically via (1) Ubyte Size in a DataSubBlock or (2) LZWMinimumCodeSize. OpenVAS/Nessus entries confir...

4.3CVSS7AI score0.24516EPSS
CVE
CVE
added 2016/04/22 2:0 p.m.64 views

CVE-2016-4060

CVE-2016-4060 is a use-after-free vulnerability in Foxit Reader and Foxit PhantomPDF for Windows, tracked across multiple sources. The issue affects Foxit Reader and Foxit PhantomPDF versions prior to 7.3.4. The root cause is a memory mismanagement condition (use-after-free) exposed by parsing ce...

7.5CVSS7.2AI score0.01269EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.64 views

CVE-2017-14836

CVE-2017-14836 is a remote code execution vulnerability in Foxit Reader 8.3.1. The issue arises from the modDate property of Annotation objects, where the code does not validate the existence of the target object before operating on it. This can allow an attacker to execute arbitrary code in the ...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/05/03 5:13 a.m.64 views

CVE-2017-8453

CVE-2017-8453 affects Foxit Reader before 8.2.1 and Foxit PhantomPDF before 8.2.1. The vulnerability is an out-of-bounds read triggered by a crafted font in a PDF, allowing remote attackers to obtain sensitive information or possibly execute arbitrary code. The CVE is documented with a high-sever...

8.8CVSS8.8AI score0.03939EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.64 views

CVE-2018-11622

Summary (CVE-2018-11622) : A boundary/overflow flaw in Foxit Reader’s ConvertToPDF_x86.dll (CVSS up to 8.8) allows a remote attacker to execute arbitrary code after the user visits a malicious page or opens a crafted file. Affected: Foxit Reader on Windows (e.g., versions around 9.0.1.1049 and ea...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.64 views

CVE-2018-14247

Foxit Reader CVE-2018-14247 is a type-confusion remote code execution vulnerability in the exportAsFDF method. Exploitation requires user interaction (visiting a malicious page or opening a malicious file via JavaScript) and can execute code under the current process. Connected advisories (e.g., ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.64 views

CVE-2018-14256

CVE-2018-14256 affects Foxit Reader, where the flaw is in the getOCGs method leading to a type confusion and remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a crafted file). Affected: Foxit Reader 9.0.1.1049 (and related Foxit products); multipl...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.64 views

CVE-2018-14258

Foxit Reader (Windows) is affected by CVE-2018-14258 due to a type confusion in getPageNthWord, allowing remote code execution when a user opens a malicious page/file or otherwise interacts with crafted content. The flaw exists in Foxit Reader 9.0.1.1049 and, per advisories, affects versions olde...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.64 views

CVE-2018-14267

Foxit Reader (Windows) is affected by CVE-2018-14267, a type-confusion vulnerability in the importTextData method that can be triggered to execute code remotely. Exploitation requires user interaction (visiting a malicious page or opening a crafted file) and results in arbitrary code execution in...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2020/10/13 5:10 p.m.64 views

CVE-2020-17415

CVE-2020-17415 affects Foxit PhantomPDF (notably the Update Service) where incorrect permissions on a configuration/resource used by the update service allow a local, low-privilege attacker to escalate to SYSTEM and execute code. Affected versions include PhantomPDF 10.0.0.35798 (and related 10.0...

7.8CVSS7.6AI score0.02059EPSS
CVE
CVE
added 2012/08/23 3:0 p.m.63 views

CVE-2012-4337

Foxit Reader is affected: pre-5.3 on Windows XP/7 allows remote code execution via a crafted PDF that triggers negative-number calculation during cross-reference processing. The root cause is memory corruption during PDF parsing, leading to arbitrary code execution with the caller’s privileges. A...

9.3CVSS7.7AI score0.05042EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.63 views

CVE-2017-14821

CVE-2017-14821 affects Foxit Reader 8.3.1.21155, with the root cause in parsing the xTsiz member of SIZ markers, leading to potential information disclosure and, in conjunction with other vulnerabilities, code execution. The exploit requires user interaction (visiting a malicious page or opening ...

6.5CVSS7.2AI score0.02456EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.63 views

CVE-2017-16571

CVE-2017-16571 affects Foxit Reader 8.3.1.21155. The issue is a type-confusion flaw in handling references to the app object from FormCalc, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The vulnerability is document...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.63 views

CVE-2017-16572

CVE-2017-16572 affects Foxit Reader 8.3.1.21155 . The vulnerability resides in FormCalc's closeDoc method and is caused by improper validation that leads to a type confusion condition, enabling remote code execution in the context of the current process. Exploitation requires user interaction (th...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.63 views

CVE-2017-16574

Summary (CVE-2017-16574): Foxit Reader (8.3.1.21155) is affected by an information-disclosure vulnerability in the Image filters parsing, caused by inadequate validation of user-supplied data, which can lead to an out-of-bounds read. Exploitation requires user interaction (visiting a malicious pa...

6.5CVSS7.2AI score0.02456EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.63 views

CVE-2018-10480

Foxit Reader 9.0.0.29935 is affected by CVE-2018-10480 due to improper validation in the handling of the U3D Node Name buffer, causing a read past the end of an allocated buffer. The vulnerability can disclose sensitive information and, in conjunction with other vulnerabilities, may allow code ex...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.63 views

CVE-2018-10490

CVE-2018-10490 affects Foxit Reader 9.0.0.29935 and relates to the parsing of JPEG images embedded inside U3D files. The vulnerability is caused by a lack of proper validation of user-supplied data, leading to an out-of-bounds memory access and enabling remote code execution in the context of the...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.63 views

CVE-2018-14291

Foxit Reader CVE-2018-14291 is a PDF parsing vulnerability (use-after-free) that allows remote code execution when an attacker manipulates PDF elements; user interaction (open a malicious file/page) is required. The weakness is in the parsing of PDF documents, specifically a pointer reuse after f...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.63 views

CVE-2018-14300

CVE-2018-14300 describes a remote code execution vulnerability in Foxit Reader caused by a use-after-free in the handling of Polygon annotations. The flaw reuses a freed pointer during document element processing, enabling an attacker to run arbitrary code in the victim process when a user opens ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.63 views

CVE-2018-14302

CVE-2018-14302 affects Foxit Reader (Windows) via a remote code execution vulnerability in Square annotations. The flaw is an use-after-free in processing of annotations that can be triggered when a user visits a malicious page or opens a malicious file, enabling arbitrary code execution in the c...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.63 views

CVE-2018-14308

CVE-2018-14308 affects Foxit Reader (and Foxit PhantomPDF) with versions before 9.2.0.9097. The root cause is a use-after-free in valueAsString handling where the code does not verify an object exists before operating on it, allowing remote code execution when a user visits a malicious page or op...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/11/05 8:0 a.m.63 views

CVE-2018-18933

CVE-2018-18933 affects Foxit Reader 9.3.0.10826 with the u3d plugin (9.3.0.10809 in FoxitReader.exe). The vulnerability is an out-of-bounds read caused by a Read Access Violation near NULL in FoxitReader!safe_vsnprintf+0x00000000002c4330 when processing a U3D sample, enabling a remote attacker to...

9.1CVSS8.8AI score0.03007EPSS
CVE
CVE
added 2020/10/13 5:10 p.m.63 views

CVE-2020-17414

CVE-2020-17414 affects Foxit Reader (and related updates) with a local privilege-escalation in the Update Service due to incorrect permissions on a resource used by the service, enabling code execution in the SYSTEM context. Impact is local, requiring low-privilege code execution before exploitat...

7.8CVSS7.6AI score0.01909EPSS
CVE
CVE
added 2020/10/13 5:10 p.m.63 views

CVE-2020-17417

CVE-2020-17417 affects Foxit Reader (10.0.1.35811 and earlier) and related Foxit products. The root cause is a failure to verify the existence of an Annotation object before performing operations on it, leading to use-after-free/invalid object handling in Annotation processing. This can enable re...

7.8CVSS7.8AI score0.09084EPSS
CVE
CVE
added 2020/10/02 8:1 a.m.63 views

CVE-2020-26537

CVE-2020-26537 affects Foxit Reader and PhantomPDF prior to version 10.1. The issue occurs in a shading calculation where the number of outputs does not match the color components in a color space, causing an out-of-bounds write. The connected sources confirm the affected product and the underlyi...

9.8CVSS9.2AI score0.01149EPSS
CVE
CVE
added 2021/08/11 9:13 p.m.63 views

CVE-2021-38572

CVE-2021-38572 affects Foxit Reader and Foxit PhantomPDF prior to 10.1.4, where the extractPages pathname is not validated, allowing an attacker to write to arbitrary files. The connected documents confirm the affected products and the root cause (unvalidated extractPages pathname). No exploitati...

9.8CVSS9.3AI score0.01117EPSS
CVE
CVE
added 2016/04/22 2:0 p.m.62 views

CVE-2016-4064

Foxit Reader and Foxit PhantomPDF (Windows) ≤ 7.3.3 are affected by CVE-2016-4064 due to a use-after-free in the XFA forms handling when a crafted remerge call is processed. This leads to remote code execution with high impact (as described in connected sources). Remediation per the documents: up...

7.8CVSS7.8AI score0.04182EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.62 views

CVE-2017-14827

CVE-2017-14827 affects Foxit Reader 8.3.1.21155 where the append method of XFA Node objects fails to properly validate user-supplied data, causing a type-confusion vulnerability that enables remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a mali...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.62 views

CVE-2017-14833

CVE-2017-14833 affects Foxit Reader 8.3.1.21155 and related builds, where the style attribute of Text Annotation objects can be manipulated after object existence is not validated, enabling remote code execution in the current process. Exploitation requires user interaction (visiting a malicious ...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.62 views

CVE-2017-16575

CVE-2017-16575 affects Foxit Reader and is a remote code execution vulnerability in the XFA bind element. The root cause is a failure to validate the existence of an object before performing operations on it, enabling an attacker to execute arbitrary code in the current process when a user opens ...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.62 views

CVE-2017-16585

Foxit Reader 8.3.2.25013 contains a remote code execution flaw in the app.response method caused by not validating an object before operating on it. An attacker can exploit this via a user-interaction (visiting a malicious page or opening a malicious file) to run code in the process context. Conn...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.62 views

CVE-2018-14254

CVE-2018-14254 affects Foxit Reader (notably 9.0.1.1049) where a type confusion in the getLinks method can be triggered by JavaScript on a malicious page or file, allowing remote code execution under the process context. Multiple connected sources corroborate a getLinks-based type confusion with ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.62 views

CVE-2018-14278

CVE-2018-14278 affects Foxit Reader. The flaw is a type confusion in getPageNumWords that can allow remote code execution via crafted JavaScript when a user opens a malicious page/file. Exploitation requires user interaction. Reports/connected advisories indicate multiple related fixes; remediati...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.62 views

CVE-2018-14295

Summary: CVE-2018-14295 affects Foxit PhantomPDF (and Foxit Reader) with a PDF-parsing flaw. A vulnerability in how shading patterns are processed can cause an integer overflow before buffer allocation, enabling remote code execution when a user opens a malicious file/page or visits a crafted pag...

8.8CVSS7.9AI score0.08895EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.62 views

CVE-2018-14311

CVE-2018-14311 affects Foxit Reader (and Foxit PhantomPDF) via a type confusion in XFA event handling. The flaw arises from improper validation of user-supplied data, enabling remote code execution when a user opens a malicious file or visits a crafted page. Exploitation requires user interaction...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/11/17 9:0 p.m.62 views

CVE-2018-19345

Summary (CVE-2018-19345) The u3d plugin in Foxit Reader 9.3.0.10826 (plugin 9.3.0.10809) is vulnerable to a denial of service and potential information disclosure due to a Read Access Violation near NULL in U3DBrowser!PlugInMain. This results in an out-of-bounds read when processing a malicious U...

7.1CVSS7.2AI score0.01653EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.62 views

CVE-2018-9941

Foxit Reader 9.0.0.29935 is affected by a vulnerability in the XFA record append handling that can lead to remote code execution via type confusion. The flaw arises from improper validation of user-supplied data, and exploitation requires user interaction (visiting a malicious page or opening a m...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.62 views

CVE-2018-9947

Foxit Reader 9.0.0.29935 is affected by CVE-2018-9947, a heap-based buffer overflow in BMP image parsing. The flaw arises from improper validation of the length of user-supplied data before copying to a fixed-length heap buffer, allowing remote code execution. Exploitation requires user interacti...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.62 views

CVE-2018-9981

CVE-2018-9981 affects Foxit Reader 9.0.0.29935. The flaw is in U3D file parsing due to an uninitialized pointer, allowing remote code execution in the current process after user interaction (malicious page or file). Exploitation details are described across multiple sources linked to Foxit/ZDI; n...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.62 views

CVE-2019-6770

Foxit Reader 9.4.1.16828 is affected by a vulnerability in the resetForm method for AcroForms that discloses information due to not validating an object’s existence before operations. Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and, per the docum...

5.5CVSS5.5AI score0.02652EPSS
CVE
CVE
added 2020/12/15 12:53 p.m.62 views

CVE-2020-28203

CVE-2020-28203 affects Foxit Reader and PhantomPDF up to 10.1.0.37527, where opening a crafted PDF can trigger a null pointer dereference, causing the application to crash (denial of service). This is supported by multiple sources in the connected documents, including the NVD entry and vendor dis...

5.5CVSS6AI score0.01868EPSS
Total number of security vulnerabilities372