Lucene search
K
FoxitsoftwareFoxit Reader

372 matches found

CVE
CVE
added 2021/05/07 8:16 p.m.62 views

CVE-2021-31453

Foxit Reader 10.1.1.37576 is affected by CVE-2021-31453 due to improper validation of an object in XFA Forms handling, enabling remote code execution. The flaw allows an attacker to run arbitrary code in the context of the current process after user interaction (e.g., opening a malicious file or ...

7.8CVSS8.4AI score0.02784EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.62 views

CVE-2021-31454

Foxit Reader 10.1.1.37576 is affected by a heap-based buffer overflow in parsing Decimal elements (leadDigits). A crafted leadDigits value can overflow a fixed-length heap buffer, enabling remote code execution in the context of the current process with user interaction (visiting a malicious page...

7.8CVSS8.5AI score0.02511EPSS
CVE
CVE
added 2016/04/22 2:0 p.m.61 views

CVE-2016-4061

Summary of CVE-2016-4061 : Foxit Reader and PhantomPDF (Windows) prior to version 7.3.4 are affected by a vulnerability that allows remote attackers to cause a denial of service (application crash) via a crafted content stream. The issue is described across multiple feeds as a memory/parse fault ...

7.5CVSS7.1AI score0.01269EPSS
CVE
CVE
added 2018/02/07 5:0 p.m.61 views

CVE-2016-6169

CVE-2016-6169 describes a heap-based buffer overflow in Foxit Reader and PhantomPDF versions 7.3.4.311 and earlier on Windows. The vulnerability allows memory corruption and application crashes, potentially enabling arbitrary code execution via Bezier data in a crafted PDF. Affected components ar...

7.8CVSS8.1AI score0.05318EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.61 views

CVE-2017-14818

CVE-2017-14818 affects Foxit Reader 8.3.1.21155 and relates to an out-of-bounds/read past end during JPEG2000 image parsing inside embedded PDFs. The flaw arises from insufficient validation of user-supplied data, enabling a remote attacker to disclose sensitive information and, in conjunction wi...

6.5CVSS7.3AI score0.02456EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.61 views

CVE-2017-14820

CVE-2017-14820 affects Foxit Reader 8.3.1.21155 and describes an out-of-bounds read in the JPEG2000 SOT tile index, caused by improper validation of user-supplied data. The condition enables remote information disclosure and, when combined with other vulnerabilities, can lead to code execution in...

6.5CVSS7.2AI score0.02456EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.61 views

CVE-2017-16573

CVE-2017-16573 affects Foxit Reader (e.g., 8.3.1.21155). The flaw is in parsing LZWDecode filters, caused by insufficient validation of input data, leading to an out-of-bounds read that can disclose memory. The vulnerability can be leveraged with other issues to execute code in the target process...

6.5CVSS7.2AI score0.02456EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.61 views

CVE-2017-16577

CVE-2017-16577 affects Foxit Reader 8.3.1.21155. The flaw is in the alignment attribute of Field objects where the program fails to validate object existence before operating on it, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a mali...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.61 views

CVE-2017-16581

Foxit Reader 8.3.2.25013 is affected by CVE-2017-16581. The vulnerability is a remote code execution flaw in the author attribute of the Document object due to not validating the existence of an object before performing operations. Exploitation requires user interaction (visiting a malicious page...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.61 views

CVE-2017-16583

Foxit Reader 8.3.2.25013 is vulnerable to a remote code execution flaw in the XFA dataset element (missing validation of object existence). Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and can execute code with the current process context. Affecte...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.61 views

CVE-2018-10495

Foxit Reader 9.0.0.29935 is affected by a vulnerability in PDF parsing that causes a type confusion when validating user-supplied data. The flaw allows remote code execution in the context of the current process and requires the target to visit a malicious page or open a malicious file (user inte...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.61 views

CVE-2018-11617

CVE-2018-11617 affects Foxit Reader (9.0.0.29935 and earlier) via a use-after-free in the handling of Format events for ComboBox fields. The root cause is failure to validate the existence of an object before performing operations on it, allowing remote attackers to execute arbitrary code with th...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.61 views

CVE-2018-1173

CVE-2018-1173 affects Foxit Reader 9.0.0.29935. The root cause is a flaw in handling the XFA borderColor attribute where the code fails to validate the existence of an object before operating on it, enabling remote code execution. Multiple connected sources reference that an attacker can lure a u...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.61 views

CVE-2018-1177

Foxit Reader 9.0.0.29935 is affected by CVE-2018-1177. The flaw lies in the handling of addAnnot, where the code fails to validate the existence of an object before performing operations, enabling remote code execution under the current process context. User interaction is required to trigger the...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.61 views

CVE-2018-14255

Foxit Reader 9.0.1.1049 is affected by a type confusion in getNthFieldName that enables remote code execution when a user opens a malicious page/file or interacts with JavaScript. The flaw allows code execution in the context of the current process and is associated with ZDI-6018. Mitigation per ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.61 views

CVE-2018-14262

CVE-2018-14262 affects Foxit Reader (example affected build: 9.0.1.1049). The root cause is a type confusion in the getURL method that can be triggered through JavaScript actions, allowing remote code execution with the attacker’s code running in the current process context. User interaction is r...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.61 views

CVE-2018-14280

Foxit Reader vulnerability CVE-2018-14280 enables remote code execution via the exportAsFDF XFA function. The flaw arises from insufficient validation of user-supplied data, allowing arbitrary file writes to attacker-controlled locations when a user opens a malicious file or visits a malicious pa...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.61 views

CVE-2018-14286

Foxit Reader: CVE-2018-14286 is a type-confusion remote-code-execution vulnerability in the mailDoc argument handling. It affects Foxit Reader 9.0.1.1049 and earlier; exploitation requires user interaction (visiting a malicious page or opening a malicious file). Root cause: improper validation of...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.61 views

CVE-2018-14309

Foxit Reader CVE-2018-14309 is a use-after-free in handling of the SeedValue Generic Object passed to signatureSetSeedValue, enabling remote code execution with user interaction. Affected products include Foxit Reader versions older than 9.2.0.9097 (and Foxit PhantomPDF pre-9.2.0.9097). The root ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.61 views

CVE-2018-9963

Foxit Reader 9.0.1.1049 is affected by a JPEG2000 parsing flaw that allows an out-of-bounds read, enabling information disclosure and potentially code execution in the context of the current process. The vulnerability arises from inadequate validation of user-supplied data, resulting in a read pa...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.61 views

CVE-2019-6765

CVE-2019-6765 : Foxit PhantomPDF 9.4.1.16828 is affected by an out-of-bounds read in the HTML-to-PDF conversion process. The flaw, caused by improper validation of user-supplied data, permits remote code execution via a crafted HTML/file when the user visits a malicious page or opens a malicious ...

7.8CVSS7.7AI score0.03484EPSS
CVE
CVE
added 2021/03/30 2:35 p.m.61 views

CVE-2021-27269

Foxit PhantomPDF 10.1.0.37527 is affected by CVE-2021-27269 due to improper validation in U3D object handling in PDF files, causing an out-of-bounds/write past end condition. The vulnerability enables remote code execution and requires user interaction (visiting a malicious page or opening a tain...

7.8CVSS7.8AI score0.02491EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.61 views

CVE-2021-31441

Foxit Reader 10.1.1.37576 is affected by a code-execution vulnerability in handling of Annotation objects. The issue arises from not validating the existence of an object before performing operations on it, enabling remote code execution when a user visits a malicious page or opens a malicious fi...

7.8CVSS8.4AI score0.02784EPSS
CVE
CVE
added 2017/09/22 7:0 p.m.60 views

CVE-2017-14694

CVE-2017-14694 affects Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier when running in single instance mode. The vulnerability allows arbitrary code execution or denial of service via a crafted PDF, due to a fault in Data from Faulting Address that controls code ...

7.8CVSS7.8AI score0.07052EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.60 views

CVE-2017-14831

CVE-2017-14831 affects Foxit Reader 8.3.1.21155. The root cause is the author attribute of Circle Annotation objects: the implementation does not validate the existence of an object before operating on it, enabling remote code execution in the context of the current process when a user opens a ma...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.60 views

CVE-2018-10474

Foxit Reader 9.0.0.29935 is affected by a vulnerability in the parsing of U3D Shading objects that can lead to remote code execution via out-of-bounds write. The issue arises from insufficient validation of user-supplied data and requires user interaction (the target must visit a malicious page o...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.60 views

CVE-2018-14246

CVE-2018-14246 affects Foxit Reader (e.g., version 9.0.1.1049) where the convertTocPDF method can trigger a type confusion in JavaScript, allowing remote code execution after user interaction (visiting a malicious page or opening a malicious file). Multiple connected advisories confirm the root c...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.60 views

CVE-2018-14265

CVE-2018-14265 affects Foxit Reader (around version 9.0.1.1049 and earlier) where a flaw in the importAnXFDX method can trigger a type confusion via JavaScript, allowing remote attackers to execute arbitrary code in the current process. Exploitation requires user interaction (visiting a malicious...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.60 views

CVE-2018-14288

CVE-2018-14288 affects Foxit Reader (Windows) with vulnerabilities in the handling of arguments to the setFocus function, leading to a type-confusion condition that enables remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). Affec...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2019/01/03 11:0 p.m.60 views

CVE-2019-5007

CVE-2019-5007 affects Foxit Reader and PhantomPDF for Windows prior to 9.4. It is a NULL pointer dereference during TIFF parsing that causes an out-of-bounds read, leading to information disclosure and a crash. The description in multiple sources confirms the vulnerability lies in TIFF data handl...

7.1CVSS6.6AI score0.01552EPSS
CVE
CVE
added 2020/10/02 8:1 a.m.60 views

CVE-2020-26538

CVE-2020-26538 affects Foxit Reader and PhantomPDF prior to 10.1. The issue allows arbitrary code execution via a Trojan horse taskkill.exe placed in the current working directory, indicating a local-execution path likely dependent on the processing of external/ tampered files. The vulnerability ...

7.8CVSS7.8AI score0.00502EPSS
CVE
CVE
added 2021/08/11 9:14 p.m.60 views

CVE-2021-38571

CVE-2021-38571 affects Foxit Reader and Foxit PhantomPDF prior to 10.1.4, where a DLL hijacking issue allows an attacker-controlled DLL to be loaded locally. The root cause is a registration and loading path flaw that enables hijacking of the Dynamic Link Library, potentially impacting confidenti...

7.8CVSS7.5AI score0.00547EPSS
CVE
CVE
added 2023/11/27 3:25 p.m.60 views

CVE-2023-38573

Foxit Reader (and Foxit PDF Editor) is affected by CVE-2023-38573: a use-after-free vulnerability in how the signature field is handled in Foxit Reader 12.1.2.15356. A specially crafted JavaScript in a malicious PDF can trigger reuse of a freed object, causing memory corruption and potentially ar...

8.8CVSS8.8AI score0.01907EPSS
CVE
CVE
added 2017/04/04 6:0 p.m.59 views

CVE-2016-3740

Foxit Reader 7.3.4.311 is affected by a heap-based buffer overflow in the CreateFXPDFConvertor function of ConvertToPdf_x86.dll triggered by a crafted TIFF with a large SamplesPerPixel value during PDF conversion. Root cause: mishandling of SamplesPerPixel in TIFF parsing. Consequence: remote arb...

7.8CVSS7.9AI score0.15808EPSS
CVE
CVE
added 2016/04/22 2:0 p.m.59 views

CVE-2016-4059

Summary: CVE-2016-4059 is a use-after-free vulnerability in Foxit Reader and Foxit PhantomPDF before 7.3.4 on Windows, exploitable via a crafted FlateDecode stream in a PDF to achieve arbitrary code execution. The issue is part of a family of related flaws affecting multiple components of Foxit’s...

7.8CVSS7.8AI score0.0441EPSS
CVE
CVE
added 2016/04/22 2:0 p.m.59 views

CVE-2016-4063

Foxit Foxit Reader/PhantomPDF prior to version 7.3.4 is affected by multiple use-after-free vulnerabilities in PDF handling (notably object revision number -1, and related FlateDecode/content stream handling). The CVE in scope (CVE-2016-4063) is described as a use-after-free enabling arbitrary co...

7.8CVSS7.8AI score0.04529EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.59 views

CVE-2017-14822

CVE-2017-14822 affects Foxit Reader 8.3.1.21155. The root cause is an out-of-bounds read during parsing of the JPEG2000 SIZ marker xOsiz, due to inadequate validation of user-supplied data. This can allow remote attackers to disclose sensitive information via a malicious page or file; user intera...

6.5CVSS7.2AI score0.02456EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.59 views

CVE-2017-14835

CVE-2017-14835 : Foxit Reader 8.3.1.21155 is vulnerable to remote code execution via the XFA Layout object page method due to type confusion from improper data validation. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). Impact: arbitrary code execut...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.59 views

CVE-2017-16578

The CVE-2017-16578 entry concerns Foxit Reader 8.3.2.25013 and describes a type confusion in the XFA forms’ picture elements that allows remote code execution after user interaction (visiting a malicious page or opening a malicious file). The underlying issue is improper validation of user-suppli...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.59 views

CVE-2017-16589

CVE-2017-16589 affects Foxit Reader 8.3.1.21155, where the vulnerability lies in parsing the yTsiz member of SIZ markers. The flaw causes an out-of-bounds read due to insufficient validation of user-supplied data, and can be exploited remotely by convincing a user to open a malicious page or file...

6.5CVSS7.2AI score0.02802EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.59 views

CVE-2018-10473

CVE-2018-10473 affects Foxit Reader 9.0.0.29935 and is due to improper validation in the parsing of U3D CLOD Base Mesh Continuation structures, causing an out-of-bounds write that can execute arbitrary code. The vulnerability permits remote code execution and requires user interaction (visiting a...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.59 views

CVE-2018-10482

CVE-2018-10482 affects Foxit Reader 9.0.0.29935. The issue is an out-of-bounds read in the U3D Texture Image Format object caused by improper validation of user-supplied data, leading to possible information disclosure. Attack requires user interaction (malicious page or file); an attacker could ...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.59 views

CVE-2018-14281

Foxit Reader vulnerability CVE-2018-14281 involves the exportData XFA function where improper validation of user-supplied data allows writing arbitrary files, enabling remote code execution under the process context. The issue requires user interaction (visiting a malicious page or opening a mali...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/11/17 9:0 p.m.59 views

CVE-2018-19342

CVE-2018-19342 affects Foxit Reader 9.3.0.10826 with the u3d plugin version 9.3.0.10809 (plugins\U3DBrowser.fpi). The root cause is a Read Access Violation starting at U3DBrowser+0x347a, resulting in an out-of-bounds read that can cause a denial of service or enable an attacker to obtain sensitiv...

7.1CVSS7.2AI score0.02027EPSS
CVE
CVE
added 2019/01/03 11:0 p.m.59 views

CVE-2019-5006

CVE-2019-5006 affects Foxit Reader and PhantomPDF for Windows prior to 9.4; the issue is a NULL pointer dereference during PDF parsing. The NVD entry lists CVSSv3 base score 5.5 (MEDIUM) with LOCAL exploit, LOW attack complexity, user interaction required, and HIGH impact on availability. The ava...

5.5CVSS6AI score0.0095EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.59 views

CVE-2019-6753

Foxit Reader 9.3.0.10826 is affected by a vulnerability in the Stuff method that can trigger an integer overflow when handling user-supplied data, potentially enabling information disclosure and, with additional issues, code execution. Exploitation requires user interaction (visit a malicious pag...

5.5CVSS5.6AI score0.10722EPSS
CVE
CVE
added 2020/10/02 8:1 a.m.59 views

CVE-2020-26535

Foxit Reader and PhantomPDF (pre-10.1) contain CVE-2020-26535. The issue arises when TslAlloc tries to allocate thread-local storage and receives an unacceptable index, causing V8 to throw an exception that leads to write and read access violations. Affected products are Foxit Reader and PhantomP...

9.8CVSS8.7AI score0.01717EPSS
CVE
CVE
added 2022/11/09 12:0 a.m.59 views

CVE-2022-43310

Foxit Reader v11.2.118.51569 is affected by CVE-2022-43310 due to an Uncontrolled Search Path Element when searching for DLL libraries without an absolute path. This local privilege-escalation vulnerability can allow an attacker to gain high impact on confidentiality, integrity, and availability....

7.8CVSS7.7AI score0.01553EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.58 views

CVE-2017-14826

Foxit Reader 8.3.1.21155 is affected by CVE-2017-14826 due to a type confusion in the XFA Node formNodes method caused by insufficient validation of user-supplied data. This allows remote code execution and requires user interaction (malicious page or file). Multiple sources confirm exploitation ...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.58 views

CVE-2017-14829

CVE-2017-14829 affects Foxit Reader 8.3.1.21155. The flaw is in XFAScriptObject.openList, caused by improper validation of user-supplied data, leading to a type confusion condition that allows remote code execution in the current process when a user opens a malicious page or file. Exploitation re...

8.8CVSS8.8AI score0.0259EPSS
Total number of security vulnerabilities372