Lucene search
+L
FoxitsoftwareFoxit Reader

372 matches found

CVE
CVE
added 2017/12/20 2:0 p.m.59 views

CVE-2017-14829

CVE-2017-14829 affects Foxit Reader 8.3.1.21155. The flaw is in XFAScriptObject.openList, caused by improper validation of user-supplied data, leading to a type confusion condition that allows remote code execution in the current process when a user opens a malicious page or file. Exploitation re...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.59 views

CVE-2017-14834

CVE-2017-14834 affects Foxit Reader 8.3.1.21155 and enables remote code execution through the FileAttachment annotation’s style attribute. The flaw stems from not validating the existence of an object before performing operations, allowing code to run in the current process context after a user v...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.59 views

CVE-2017-16582

Foxit Reader 8.3.2.25013 is affected by a remote code execution vulnerability in the clearItems XFA method due to improper validation, leading to a type confusion. Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and can run code with the current proc...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.59 views

CVE-2017-16589

CVE-2017-16589 affects Foxit Reader 8.3.1.21155, where the vulnerability lies in parsing the yTsiz member of SIZ markers. The flaw causes an out-of-bounds read due to insufficient validation of user-supplied data, and can be exploited remotely by convincing a user to open a malicious page or file...

6.5CVSS7.2AI score0.02802EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.59 views

CVE-2018-10473

CVE-2018-10473 affects Foxit Reader 9.0.0.29935 and is due to improper validation in the parsing of U3D CLOD Base Mesh Continuation structures, causing an out-of-bounds write that can execute arbitrary code. The vulnerability permits remote code execution and requires user interaction (visiting a...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.59 views

CVE-2018-10481

Foxit Reader 9.0.0.29935 is affected by an out-of-bounds read vulnerability in the U3D Texture Resource parsing path. The flaw stems from insufficient validation of user-supplied data, which can cause a read past the end of an allocated data structure and enable sensitive information disclosure. ...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.59 views

CVE-2018-1174

CVE-2018-1174 affects Foxit Reader 9.0.0.29935 and is tied to the PrintParams bitmapDPI object. The root cause is uninitialized memory access in that handling, enabling information disclosure. Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and, in c...

6.5CVSS6.5AI score0.02629EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.59 views

CVE-2018-14287

Foxit Reader (v9.0.1.1049) is affected by CVE-2018-14287 due to a type confusion in the handling of arguments passed to instanceManager.nodes.append. The flaw allows remote code execution with user interaction required (visiting a malicious page or opening a crafted file). Exploitation context is...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.59 views

CVE-2018-14299

CVE-2018-14299 affects Foxit Reader prior to 9.2.0.9097, due to a Line annotations processing flaw that allows use-after-free; remote code execution is possible with attacker-controlled document elements and user interaction. Exploitation is described in multiple advisories (ZDI-18-759, CNVD-2018...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.59 views

CVE-2018-14316

Foxit Reader vulnerability CVE-2018-14316 affects Foxit Reader 9.0.1.5096 where PDF processing lacks proper validation, causing a read past the end of an allocated buffer. This enables remote code execution in the context of the current process and requires user interaction (visiting a malicious ...

6.5CVSS6.8AI score0.02629EPSS
CVE
CVE
added 2018/11/17 9:0 p.m.59 views

CVE-2018-19342

CVE-2018-19342 affects Foxit Reader 9.3.0.10826 with the u3d plugin version 9.3.0.10809 (plugins\U3DBrowser.fpi). The root cause is a Read Access Violation starting at U3DBrowser+0x347a, resulting in an out-of-bounds read that can cause a denial of service or enable an attacker to obtain sensitiv...

7.1CVSS7.2AI score0.02027EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.59 views

CVE-2018-9950

Foxit Reader 9.0.0.29935 is affected by a PDF parsing vulnerability that can disclose sensitive information via an out-of-bounds read in memory. The flaw arises from insufficient validation of user-supplied data, enabling a remote attacker to exfiltrate data after the target visits a malicious pa...

6.5CVSS6.5AI score0.04192EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.59 views

CVE-2018-9954

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9954 due to a flaw in handling XFA Button elements. The bug occurs when setting the y attribute, where the code does not properly validate the existence of an object before operating on it, enabling remote code execution under the process context. E...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.59 views

CVE-2018-9957

The CVE-2018-9957 issue affects Foxit Reader 9.0.1.1049. It stems from the handling of XFA Button elements: during parsing of arguments passed to the resetData method, the code does not properly validate the existence of an object before performing operations, enabling a remote attacker to execut...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2019/01/03 11:0 p.m.59 views

CVE-2019-5006

CVE-2019-5006 affects Foxit Reader and PhantomPDF for Windows prior to 9.4; the issue is a NULL pointer dereference during PDF parsing. The NVD entry lists CVSSv3 base score 5.5 (MEDIUM) with LOCAL exploit, LOW attack complexity, user interaction required, and HIGH impact on availability. The ava...

5.5CVSS6AI score0.0095EPSS
CVE
CVE
added 2020/10/02 8:1 a.m.59 views

CVE-2020-26535

Foxit Reader and PhantomPDF (pre-10.1) contain CVE-2020-26535. The issue arises when TslAlloc tries to allocate thread-local storage and receives an unacceptable index, causing V8 to throw an exception that leads to write and read access violations. Affected products are Foxit Reader and PhantomP...

9.8CVSS8.7AI score0.01717EPSS
CVE
CVE
added 2021/03/30 2:35 p.m.59 views

CVE-2021-27262

CVE-2021-27262 affects Foxit PhantomPDF 10.1.0.37527. The root cause is improper validation of data in U3D object handling within PDFs, causing an out-of-bounds read that can disclose sensitive information. The vulnerability enables information disclosure and, in combination with other flaws, cou...

4.3CVSS3.8AI score0.02023EPSS
CVE
CVE
added 2021/03/30 2:35 p.m.59 views

CVE-2021-27268

CVE-2021-27268 affects Foxit PhantomPDF 10.1.0.37527. The vulnerability is a U3D object handling flaw in PDFs where the software does not validate the existence of an object before performing operations, enabling an attacker to execute code in the current process. Technical details surfaced acros...

7.8CVSS7.8AI score0.02491EPSS
CVE
CVE
added 2021/03/30 2:35 p.m.59 views

CVE-2021-27271

CVE-2021-27271 affects Foxit PhantomPDF 10.1.0.37527. The issue is an out-of-bounds read in the handling of U3D objects in PDFs, allowing remote code execution with user interaction required (open a malicious file/page). Root cause: improper validation of user-supplied data in U3D processing. Exp...

7.8CVSS7.8AI score0.03304EPSS
CVE
CVE
added 2023/11/27 3:25 p.m.59 views

CVE-2023-39542

CVE-2023-39542 describes a code execution vulnerability in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, potentially leading to remote code execution. An attacker must trick the user into opening the malicious file, and expl...

8.8CVSS8.8AI score0.03346EPSS
CVE
CVE
added 2011/09/27 7:0 p.m.58 views

CVE-2011-3691

Foxit Reader before 5.0.2.0718 is affected by an untrusted search path vulnerability that allows local users to gain privileges by placing Trojan horse DLLs (dwmapi.dll, dwrite.dll, or msdrm.dll) in the current working directory. Multiple sources (NVD, Red Hat, CVE listing, and Nessus plugin) cor...

9.3CVSS6.7AI score0.01083EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.58 views

CVE-2017-14837

CVE-2017-14837 affects Foxit Reader 8.3.1.21155, with a remote code execution flaw in the XFA Layout objects pageSpan method caused by improper validation of user-supplied data, enabling code execution with user interaction (via a malicious page or file). Multiple corroborating sources classify t...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.58 views

CVE-2017-16586

CVE-2017-16586 affects Foxit Reader 8.3.2.25013 (Windows) with a use-after-free-like flaw in addAnnot that fails to validate object existence before performing operations, enabling remote code execution under the current process when a user opens a malicious page or file. Exploitation requires us...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.58 views

CVE-2017-16587

Foxit Reader 8.3.2.25013 is affected by CVE-2017-16587 due to a removeField method that fails to verify object existence before operating, enabling remote code execution with user interaction (malicious page/file). Exploitation is described across multiple sources (NVD/CNVD/ZDI) with the root cau...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.58 views

CVE-2017-16588

CVE-2017-16588 corresponds to a Foxit Reader vulnerability where the parser mishandles SOT markers, leading to an out-of-bounds read and information disclosure. It affects Foxit Reader 8.3.1.21155 and is exploitable remotely with user interaction (visiting a malicious page or opening a malicious ...

6.5CVSS7.2AI score0.02802EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.58 views

CVE-2018-10479

Foxit Reader 9.0.0.29935 is affected by CVE-2018-10479 due to an out-of-bounds read in parsing U3D Key Frame structures, causing information disclosure. The vulnerability allows remote attackers to disclose sensitive information and requires user interaction (visiting a malicious page or opening ...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.58 views

CVE-2018-10484

Foxit Reader 9.0.0.29935 is affected by CVE-2018-10484. The vulnerability stems from parsing U3D Node objects and is caused by a pointer that is not properly initialized before use, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a mali...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.58 views

CVE-2018-10494

Foxit Reader 9.0.1.1049 is affected by a stack-based buffer overflow in the parsing of U3D 3DView objects. The issue stems from insufficient validation of the length of user-supplied data before copying to a fixed-length stack buffer, enabling remote code execution under the process context. Expl...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.58 views

CVE-2018-11621

Foxit Reader (Windows) vulnerability CVE-2018-11621 affects Foxit Reader 9.0.1.1049 with the ConvertToPDF_x86.dll causing an out-of-bounds read that discloses sensitive information. Exploitation requires user interaction (visiting a malicious page or opening a malicious file); an attacker could l...

6.5CVSS6.8AI score0.02629EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.58 views

CVE-2018-1176

Foxit Reader 9.0.0.29935 is affected by an ePub parsing vulnerability that allows remote code execution via a write past the end of an allocated object due to insufficient input validation. The issue can be triggered when a user visits a malicious page or opens a malicious file, requiring user in...

8.8CVSS8.8AI score0.03553EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.58 views

CVE-2018-1179

Foxit Reader 9.0.0.29935 is affected by CVE-2018-1179 through a flaw in parsing GIF DataSubBlock structures. The vulnerability arises from insufficient validation of user-supplied data, enabling an out-of-bounds read past an allocated data structure. This can disclose sensitive information and, i...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.58 views

CVE-2018-14257

CVE-2018-14257 is a Foxit Reader remote code execution vulnerability in the getPageBox method that enables code execution via crafted JavaScript when a user visits a malicious page or opens a malicious file. The issue is a type confusion condition triggered by actions in JavaScript, allowing an a...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.58 views

CVE-2018-14259

CVE-2018-14259 is a type-confusion remote-code-execution vulnerability in Foxit Reader (affecting 9.0.1.1049). The flaw resides in getPageNthWordQuads and can be triggered via JavaScript when a user opens a malicious file or visits a crafted page, allowing code execution in the current process co...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.58 views

CVE-2018-14268

Foxit Reader CVE-2018-14268 is a type-confusion remote code execution in the mailForm method of Foxit Reader (9.0.1.1049 and earlier). Exploitation requires user interaction (visiting a malicious page or opening a crafted file). The flaw enables code execution under the current process context an...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.58 views

CVE-2018-14270

CVE-2018-14270 = Foxit Reader remote code execution via removeDataObject type confusion. Affected: Foxit Reader 9.0.1.1049 (and older) with the vulnerability triggered by JavaScript actions on a malicious page or file; requires user interaction. Root cause is a type confusion in removeDataObject ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.58 views

CVE-2018-14276

Foxit Reader vulnerability CVE-2018-14276 arises from a type confusion in the submitForm method that allows remote code execution when a user visits a crafted page or opens a malicious file. The issue affects Foxit Reader (e.g., versions around 9.0.x), with escalation in the current advisories in...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.58 views

CVE-2018-14289

CVE-2018-14289 affects Foxit Reader, including version 9.0.1.5096, with an out-of-bounds read in PDF document parsing that can disclose sensitive information. The vulnerability requires user interaction (visiting a malicious page or opening a malicious file) and can be leveraged with other issues...

6.5CVSS6.8AI score0.02536EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.58 views

CVE-2018-14290

CVE-2018-14290 refers to a heap-based buffer overflow in Foxit Reader (notably 9.0.1.5096 and earlier) triggered during PDF parsing due to insufficient validation of the length of user-controlled data. The flaw allows remote code execution under the process’s context when a user opens a malicious...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.58 views

CVE-2018-14294

CVE-2018-14294 affects Foxit Reader; vulnerable component is the processing of FileAttachment annotations. An attacker can craft a document to trigger a use-after-free, enabling remote code execution in the current process after user opens a malicious file or visits a malicious page. Impact is re...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/11/17 9:0 p.m.58 views

CVE-2018-19346

The CVE-2018-19346 issue affects Foxit Reader 9.3.0.10826 via the u3d plugin 9.3.0.10809 (plugins\U3DBrowser.fpi) loaded in FoxitReader.exe. The vulnerability is an out-of-bounds read triggered by processing a U3D sample, where Data from Faulting Address controls Branch Selection starting at U3DB...

7.1CVSS7.2AI score0.01653EPSS
CVE
CVE
added 2018/11/17 9:0 p.m.58 views

CVE-2018-19348

The CVE-2018-19348 entry concerns Foxit Reader’s u3d plugin (9.3.0.10809 in FoxitReader.exe, Foxit Reader 9.3.0.10826). The issue is an out-of-bounds read triggered by a U3D sample that allows a remote attacker to cause a denial of service or access sensitive information due to Data from Faulting...

7.1CVSS7.2AI score0.02027EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.58 views

CVE-2018-9955

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9955. The vulnerability resides in the XFA Button resolveNode method and is due to not validating the existence of an object before performing operations, enabling remote code execution under the current process when a user opens a malicious file/pa...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.58 views

CVE-2018-9971

Foxit Reader 9.0.1.104 is affected by a vulnerability in ConvertToPDF_x86.dll that allows remote disclosure of sensitive information due to an out-of-bounds read (read past the end of an allocated object) caused by insufficient input validation. The issue can be exploited by convincing a user to ...

6.5CVSS6.5AI score0.02894EPSS
CVE
CVE
added 2019/05/13 4:5 p.m.58 views

CVE-2019-8342

Foxit Reader for macOS (version 3.1.0.0111) contains a Local Privilege Escalation in the libqcocoa.dylib component caused by an incorrect permission set. The issue enables elevation of privileges within the same host, with a CVSS v3 base score of 7.8 (HIGH) and LOCAL attack vector; no user intera...

7.8CVSS7.4AI score0.00545EPSS
CVE
CVE
added 2015/05/01 3:0 p.m.57 views

CVE-2015-3633

CVE-2015-3633 affects Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF prior to 7.1.5. The vulnerability allows remote denial of service via vectors related to digital signatures, caused by memory corruption. Affected components include the PDF handling and digital-signature paths. Imp...

5CVSS6.9AI score0.02691EPSS
CVE
CVE
added 2016/04/13 3:0 p.m.57 views

CVE-2015-8843

Foxit Reader contains a local privilege escalation in the FoxitCloudUpdateService. When a Cloud plugin update is available, an attacker can write crafted data to a shared memory region, triggering memory corruption and enabling privilege gains. Affected versions: Foxit Reader 6.1–6.2.x and 7.x be...

7.4CVSS7.4AI score0.00656EPSS
CVE
CVE
added 2016/04/22 2:0 p.m.57 views

CVE-2016-4062

Foxit Reader and Foxit PhantomPDF prior to version 7.3.4 are affected by CVE-2016-4062 due to improper recursive handling of PDF format errors, allowing remote exploitation to cause a denial of service (application hang). Root cause: recursive format-error reporting. Impact is DoS; exploitation v...

5.5CVSS6AI score0.01377EPSS
CVE
CVE
added 2018/02/07 5:0 p.m.57 views

CVE-2016-6168

CVE-2016-6168 affects Foxit Reader and Foxit PhantomPDF 7.3.4.311 and earlier on Windows. A use-after-free in the PDF handling can lead to denial of service and arbitrary code execution via a crafted PDF. The issue is publicly documented across multiple sources; remediation is to update to Foxit ...

7.8CVSS7.7AI score0.03294EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.57 views

CVE-2017-10956

CVE-2017-10956 affects Foxit Reader 8.3.1.21155. The vulnerability is an out-of-bounds read in the tile index member of SOT markers due to insufficient validation of user-supplied data, allowing disclosure of sensitive information. Remote attackers can trigger via a malicious page or file, and it...

6.5CVSS7.2AI score0.02456EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.57 views

CVE-2017-10959

CVE-2017-10959 affects Foxit Reader 8.3.1.21155 and is due to a flaw in the Link objects’ setAction method where the code fails to validate object existence before acting, enabling remote code execution in the current process. Exploitation typically requires user interaction (visiting a malicious...

8.8CVSS8.8AI score0.03014EPSS
Total number of security vulnerabilities372