Lucene search
+L
FoxitsoftwareFoxit Reader

372 matches found

cve
cve
added 2019/01/03 11:0 p.m.59 views

CVE-2019-5006

CVE-2019-5006 affects Foxit Reader and PhantomPDF for Windows prior to 9.4; the issue is a NULL pointer dereference during PDF parsing. The NVD entry lists CVSSv3 base score 5.5 (MEDIUM) with LOCAL exploit, LOW attack complexity, user interaction required, and HIGH impact on availability. The ava...

5.5CVSS6AI score0.0095EPSS
cve
cve
added 2019/06/03 6:15 p.m.59 views

CVE-2019-6753

Foxit Reader 9.3.0.10826 is affected by a vulnerability in the Stuff method that can trigger an integer overflow when handling user-supplied data, potentially enabling information disclosure and, with additional issues, code execution. Exploitation requires user interaction (visit a malicious pag...

5.5CVSS5.6AI score0.10722EPSS
cve
cve
added 2020/10/02 8:1 a.m.59 views

CVE-2020-26535

Foxit Reader and PhantomPDF (pre-10.1) contain CVE-2020-26535. The issue arises when TslAlloc tries to allocate thread-local storage and receives an unacceptable index, causing V8 to throw an exception that leads to write and read access violations. Affected products are Foxit Reader and PhantomP...

9.8CVSS8.7AI score0.01717EPSS
cve
cve
added 2017/12/20 2:0 p.m.58 views

CVE-2017-14834

CVE-2017-14834 affects Foxit Reader 8.3.1.21155 and enables remote code execution through the FileAttachment annotation’s style attribute. The flaw stems from not validating the existence of an object before performing operations, allowing code to run in the current process context after a user v...

8.8CVSS8.8AI score0.0259EPSS
cve
cve
added 2018/05/17 3:0 p.m.58 views

CVE-2018-10479

Foxit Reader 9.0.0.29935 is affected by CVE-2018-10479 due to an out-of-bounds read in parsing U3D Key Frame structures, causing information disclosure. The vulnerability allows remote attackers to disclose sensitive information and requires user interaction (visiting a malicious page or opening ...

6.5CVSS6.5AI score0.02536EPSS
cve
cve
added 2018/05/17 3:0 p.m.58 views

CVE-2018-10494

Foxit Reader 9.0.1.1049 is affected by a stack-based buffer overflow in the parsing of U3D 3DView objects. The issue stems from insufficient validation of the length of user-supplied data before copying to a fixed-length stack buffer, enabling remote code execution under the process context. Expl...

8.8CVSS8.8AI score0.02773EPSS
cve
cve
added 2018/07/31 8:0 p.m.58 views

CVE-2018-11621

Foxit Reader (Windows) vulnerability CVE-2018-11621 affects Foxit Reader 9.0.1.1049 with the ConvertToPDF_x86.dll causing an out-of-bounds read that discloses sensitive information. Exploitation requires user interaction (visiting a malicious page or opening a malicious file); an attacker could l...

6.5CVSS6.8AI score0.02629EPSS
cve
cve
added 2018/05/17 3:0 p.m.58 views

CVE-2018-1176

Foxit Reader 9.0.0.29935 is affected by an ePub parsing vulnerability that allows remote code execution via a write past the end of an allocated object due to insufficient input validation. The issue can be triggered when a user visits a malicious page or opens a malicious file, requiring user in...

8.8CVSS8.8AI score0.03553EPSS
cve
cve
added 2018/07/31 8:0 p.m.58 views

CVE-2018-14253

The CVE-2018-14253 entry concerns Foxit Reader (variants of Foxit Reader 9.0.1.1049 and affected 9.x lines). The vulnerability is a type-confusion in the getIcon method that enables remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious fil...

8.8CVSS8.8AI score0.02773EPSS
cve
cve
added 2018/07/31 8:0 p.m.58 views

CVE-2018-14259

CVE-2018-14259 is a type-confusion remote-code-execution vulnerability in Foxit Reader (affecting 9.0.1.1049). The flaw resides in getPageNthWordQuads and can be triggered via JavaScript when a user opens a malicious file or visits a crafted page, allowing code execution in the current process co...

8.8CVSS8.8AI score0.02773EPSS
cve
cve
added 2018/07/31 8:0 p.m.58 views

CVE-2018-14290

CVE-2018-14290 refers to a heap-based buffer overflow in Foxit Reader (notably 9.0.1.5096 and earlier) triggered during PDF parsing due to insufficient validation of the length of user-controlled data. The flaw allows remote code execution under the process’s context when a user opens a malicious...

8.8CVSS8.8AI score0.02773EPSS
cve
cve
added 2018/07/31 8:0 p.m.58 views

CVE-2018-14299

CVE-2018-14299 affects Foxit Reader prior to 9.2.0.9097, due to a Line annotations processing flaw that allows use-after-free; remote code execution is possible with attacker-controlled document elements and user interaction. Exploitation is described in multiple advisories (ZDI-18-759, CNVD-2018...

8.8CVSS8.8AI score0.02773EPSS
cve
cve
added 2018/07/31 8:0 p.m.58 views

CVE-2018-14316

Foxit Reader vulnerability CVE-2018-14316 affects Foxit Reader 9.0.1.5096 where PDF processing lacks proper validation, causing a read past the end of an allocated buffer. This enables remote code execution in the context of the current process and requires user interaction (visiting a malicious ...

6.5CVSS6.8AI score0.02629EPSS
cve
cve
added 2018/11/17 9:0 p.m.58 views

CVE-2018-19346

The CVE-2018-19346 issue affects Foxit Reader 9.3.0.10826 via the u3d plugin 9.3.0.10809 (plugins\U3DBrowser.fpi) loaded in FoxitReader.exe. The vulnerability is an out-of-bounds read triggered by processing a U3D sample, where Data from Faulting Address controls Branch Selection starting at U3DB...

7.1CVSS7.2AI score0.01653EPSS
cve
cve
added 2018/11/17 9:0 p.m.58 views

CVE-2018-19348

The CVE-2018-19348 entry concerns Foxit Reader’s u3d plugin (9.3.0.10809 in FoxitReader.exe, Foxit Reader 9.3.0.10826). The issue is an out-of-bounds read triggered by a U3D sample that allows a remote attacker to cause a denial of service or access sensitive information due to Data from Faulting...

7.1CVSS7.2AI score0.02027EPSS
cve
cve
added 2021/03/30 2:35 p.m.58 views

CVE-2021-27262

CVE-2021-27262 affects Foxit PhantomPDF 10.1.0.37527. The root cause is improper validation of data in U3D object handling within PDFs, causing an out-of-bounds read that can disclose sensitive information. The vulnerability enables information disclosure and, in combination with other flaws, cou...

4.3CVSS3.8AI score0.02023EPSS
cve
cve
added 2021/03/30 2:35 p.m.58 views

CVE-2021-27268

CVE-2021-27268 affects Foxit PhantomPDF 10.1.0.37527. The vulnerability is a U3D object handling flaw in PDFs where the software does not validate the existence of an object before performing operations, enabling an attacker to execute code in the current process. Technical details surfaced acros...

7.8CVSS7.8AI score0.02491EPSS
cve
cve
added 2021/03/30 2:35 p.m.58 views

CVE-2021-27271

CVE-2021-27271 affects Foxit PhantomPDF 10.1.0.37527. The issue is an out-of-bounds read in the handling of U3D objects in PDFs, allowing remote code execution with user interaction required (open a malicious file/page). Root cause: improper validation of user-supplied data in U3D processing. Exp...

7.8CVSS7.8AI score0.03304EPSS
cve
cve
added 2023/11/27 3:25 p.m.58 views

CVE-2023-39542

CVE-2023-39542 describes a code execution vulnerability in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, potentially leading to remote code execution. An attacker must trick the user into opening the malicious file, and expl...

8.8CVSS8.8AI score0.03346EPSS
cve
cve
added 2016/04/13 3:0 p.m.57 views

CVE-2015-8843

Foxit Reader contains a local privilege escalation in the FoxitCloudUpdateService. When a Cloud plugin update is available, an attacker can write crafted data to a shared memory region, triggering memory corruption and enabling privilege gains. Affected versions: Foxit Reader 6.1–6.2.x and 7.x be...

7.4CVSS7.4AI score0.00656EPSS
cve
cve
added 2016/04/22 2:0 p.m.57 views

CVE-2016-4062

Foxit Reader and Foxit PhantomPDF prior to version 7.3.4 are affected by CVE-2016-4062 due to improper recursive handling of PDF format errors, allowing remote exploitation to cause a denial of service (application hang). Root cause: recursive format-error reporting. Impact is DoS; exploitation v...

5.5CVSS6AI score0.01377EPSS
cve
cve
added 2017/12/20 2:0 p.m.57 views

CVE-2017-10958

Foxit Reader 8.3.1.21155 is affected by CVE-2017-10958. The flaw resides in the value attribute of Field objects and stems from not validating the existence of an object before performing operations, enabling remote code execution when a user visits a malicious page or opens a malicious file. Imp...

8.8CVSS8.8AI score0.0259EPSS
cve
cve
added 2017/12/20 2:0 p.m.57 views

CVE-2017-10959

CVE-2017-10959 affects Foxit Reader 8.3.1.21155 and is due to a flaw in the Link objects’ setAction method where the code fails to validate object existence before acting, enabling remote code execution in the current process. Exploitation typically requires user interaction (visiting a malicious...

8.8CVSS8.8AI score0.03014EPSS
cve
cve
added 2017/12/20 2:0 p.m.57 views

CVE-2017-14819

CVE-2017-14819 affects Foxit Reader 8.3.1.21155 and is caused by an out-of-bounds read in the channel number member of the cdef box within JPEG2000 processing, leading to potential information disclosure. Exploitation requires user interaction (visiting a malicious page or opening a malicious fil...

6.5CVSS7.2AI score0.02456EPSS
cve
cve
added 2017/12/20 2:0 p.m.57 views

CVE-2017-14828

CVE-2017-14828 affects Foxit Reader 8.3.1.21155 where a type-confusion in the XFA Layout w method allows remote code execution. Exploitation requires user interaction (malicious page or file). Root cause: improper validation of user-supplied data. Impact: arbitrary code execution in the current p...

8.8CVSS8.8AI score0.0259EPSS
cve
cve
added 2017/12/20 2:0 p.m.57 views

CVE-2017-14837

CVE-2017-14837 affects Foxit Reader 8.3.1.21155, with a remote code execution flaw in the XFA Layout objects pageSpan method caused by improper validation of user-supplied data, enabling code execution with user interaction (via a malicious page or file). Multiple corroborating sources classify t...

8.8CVSS8.8AI score0.0259EPSS
cve
cve
added 2017/12/20 2:0 p.m.57 views

CVE-2017-16582

Foxit Reader 8.3.2.25013 is affected by a remote code execution vulnerability in the clearItems XFA method due to improper validation, leading to a type confusion. Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and can run code with the current proc...

8.8CVSS8.8AI score0.0259EPSS
cve
cve
added 2017/12/20 2:0 p.m.57 views

CVE-2017-16588

CVE-2017-16588 corresponds to a Foxit Reader vulnerability where the parser mishandles SOT markers, leading to an out-of-bounds read and information disclosure. It affects Foxit Reader 8.3.1.21155 and is exploitable remotely with user interaction (visiting a malicious page or opening a malicious ...

6.5CVSS7.2AI score0.02802EPSS
cve
cve
added 2017/05/03 5:13 a.m.57 views

CVE-2017-8454

CVE-2017-8454 affects Foxit Reader before 8.2.1 and Foxit PhantomPDF before 8.2.1. The vulnerability is an out-of-bounds read triggered by a crafted font in a PDF, allowing remote attackers to obtain sensitive information or potentially execute arbitrary code. Connected sources corroborate the im...

8.8CVSS8.8AI score0.03939EPSS
cve
cve
added 2018/07/31 8:0 p.m.57 views

CVE-2018-11623

CVE-2018-11623 affects Foxit Reader 9.0.1.1049 where the vulnerability is in the addAdLayer method, causing a type-confusion condition that allows remote code execution when a user visits a malicious page or opens a malicious file, with user interaction required. The issue is documented in ZDI-18...

8.8CVSS8.8AI score0.02882EPSS
cve
cve
added 2018/05/17 3:0 p.m.57 views

CVE-2018-1179

Foxit Reader 9.0.0.29935 is affected by CVE-2018-1179 through a flaw in parsing GIF DataSubBlock structures. The vulnerability arises from insufficient validation of user-supplied data, enabling an out-of-bounds read past an allocated data structure. This can disclose sensitive information and, i...

6.5CVSS6.5AI score0.02536EPSS
cve
cve
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14257

CVE-2018-14257 is a Foxit Reader remote code execution vulnerability in the getPageBox method that enables code execution via crafted JavaScript when a user visits a malicious page or opens a malicious file. The issue is a type confusion condition triggered by actions in JavaScript, allowing an a...

8.8CVSS8.8AI score0.02773EPSS
cve
cve
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14261

CVE-2018-14261 refers to a type-confusion vulnerability in Foxit Reader’s getTemplate method that enables remote code execution when a user opens a malicious file or visits a crafted page. The entry specifies that exploitation requires user interaction and can execute code with the current proces...

8.8CVSS8.8AI score0.02773EPSS
cve
cve
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14264

CVE-2018-14264 is a type confusion remote-code-execution vulnerability in Foxit Reader (importAnFDF method). Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and can execute code in the current process. Affected products include Foxit Reader versions ...

8.8CVSS8.8AI score0.02773EPSS
cve
cve
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14268

Foxit Reader CVE-2018-14268 is a type-confusion remote code execution in the mailForm method of Foxit Reader (9.0.1.1049 and earlier). Exploitation requires user interaction (visiting a malicious page or opening a crafted file). The flaw enables code execution under the current process context an...

8.8CVSS8.8AI score0.02773EPSS
cve
cve
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14272

CVE-2018-14272 affects Foxit Reader; a type confusion vulnerability in the removeIcon method can lead to remote code execution. The primary advisory notes that an attacker can exploit this by convincing a user to view a malicious page or open a malicious file, executing code in the current proces...

8.8CVSS8.8AI score0.02773EPSS
cve
cve
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14287

Foxit Reader (v9.0.1.1049) is affected by CVE-2018-14287 due to a type confusion in the handling of arguments passed to instanceManager.nodes.append. The flaw allows remote code execution with user interaction required (visiting a malicious page or opening a crafted file). Exploitation context is...

8.8CVSS8.8AI score0.02773EPSS
cve
cve
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14293

CVE-2018-14293 affects Foxit Reader 9.1.0.5096 and earlier, where parsing of PDF documents can trigger a use-after-free in the PDF handling code, allowing remote code execution when a user opens a malicious file or visits a malicious page. The vulnerability requires user interaction and executes ...

8.8CVSS8.8AI score0.02773EPSS
cve
cve
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14298

CVE-2018-14298 affects Foxit Reader up to 9.0.1.5096 (Windows). The flaw is a use-after-free in Ink annotations processing, allowing arbitrary code execution when a user opens a poisoned document or visits a malicious page. Root cause: pointer reuse after free during document element manipulation...

8.8CVSS8.8AI score0.02773EPSS
cve
cve
added 2018/11/17 9:0 p.m.57 views

CVE-2018-19343

Foxit Reader CVE-2018-19343 affects the u3d plugin in FoxitReader.exe (Foxit Reader 9.3.0.10826) where the u3d plugin 9.3.0.10809 can trigger an out-of-bounds read via a U3D sample, potentially causing a denial of service and information disclosure. The issue is tied to Data from Faulting Address...

7.1CVSS8AI score0.01653EPSS
cve
cve
added 2018/05/17 3:0 p.m.57 views

CVE-2018-9942

The CVE-2018-9942 entry concerns Foxit Reader (v9.0.0.29935) and the XFA record removal path. The connected sources confirm a type-confusion vulnerability that enables remote code execution in the context of the current process. Exploitation requires user interaction (visiting a malicious page or...

8.8CVSS8.8AI score0.03226EPSS
cve
cve
added 2018/05/17 3:0 p.m.57 views

CVE-2018-9950

Foxit Reader 9.0.0.29935 is affected by a PDF parsing vulnerability that can disclose sensitive information via an out-of-bounds read in memory. The flaw arises from insufficient validation of user-supplied data, enabling a remote attacker to exfiltrate data after the target visits a malicious pa...

6.5CVSS6.5AI score0.04192EPSS
cve
cve
added 2018/05/17 3:0 p.m.57 views

CVE-2018-9955

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9955. The vulnerability resides in the XFA Button resolveNode method and is due to not validating the existence of an object before performing operations, enabling remote code execution under the current process when a user opens a malicious file/pa...

8.8CVSS8.8AI score0.02773EPSS
cve
cve
added 2018/05/17 3:0 p.m.57 views

CVE-2018-9970

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9970 due to a bug in the XFA execEvent method of Button elements. The vulnerability arises from failing to validate the existence of an object before performing operations, enabling remote code execution when a user opens a malicious file or visits ...

8.8CVSS8.8AI score0.03226EPSS
cve
cve
added 2019/06/03 6:15 p.m.57 views

CVE-2019-6752

Foxit PhantomPDF flaw CVE-2019-6752: in Foxit PhantomPDF 9.3.10826, parsing of PDF documents allows read past end of an allocated object, enabling information disclosure. Remote attacker must persuade target to open a malicious page/file and may leverage this with other vulnerabilities to execute...

5.5CVSS5.4AI score0.02551EPSS
cve
cve
added 2019/05/13 4:5 p.m.57 views

CVE-2019-8342

Foxit Reader for macOS (version 3.1.0.0111) contains a Local Privilege Escalation in the libqcocoa.dylib component caused by an incorrect permission set. The issue enables elevation of privileges within the same host, with a CVSS v3 base score of 7.8 (HIGH) and LOCAL attack vector; no user intera...

7.8CVSS7.4AI score0.00545EPSS
cve
cve
added 2020/10/02 8:1 a.m.57 views

CVE-2020-26539

Foxit Reader and PhantomPDF (before v10.1) contain a use-after-free condition triggered by a multiple interpretation error for /V in the Additional Action and Field dictionaries, enabling remote code execution or an information leak. The issue is documented in CVE-2020-26539 with CVSS scores indi...

9.8CVSS9.6AI score0.02232EPSS
cve
cve
added 2021/03/30 2:35 p.m.57 views

CVE-2021-27267

CVE-2021-27267 — Foxit PhantomPDF 10.1.0.37527 is affected by a vulnerability in the handling of U3D objects in PDF files. The flaw arises from not validating the existence of a target object before performing operations on it, which can allow an attacker to execute arbitrary code in the context ...

7.8CVSS7.8AI score0.02491EPSS
cve
cve
added 2011/06/24 8:0 p.m.56 views

CVE-2011-1908

CVE-2011-1908 is a Foxit Reader vulnerability: an integer overflow in the FreeType engine’s Type 1 font decoder allows remote code execution or a denial of service when processing a crafted font inside a PDF. The issue affects Foxit Reader prior to version 4.0.0.0619. Multiple sources corroborate...

9.3CVSS8AI score0.0498EPSS
cve
cve
added 2015/05/01 3:0 p.m.56 views

CVE-2015-3633

CVE-2015-3633 affects Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF prior to 7.1.5. The vulnerability allows remote denial of service via vectors related to digital signatures, caused by memory corruption. Affected components include the PDF handling and digital-signature paths. Imp...

5CVSS6.9AI score0.02691EPSS
Total number of security vulnerabilities372