372 matches found
CVE-2019-5006
CVE-2019-5006 affects Foxit Reader and PhantomPDF for Windows prior to 9.4; the issue is a NULL pointer dereference during PDF parsing. The NVD entry lists CVSSv3 base score 5.5 (MEDIUM) with LOCAL exploit, LOW attack complexity, user interaction required, and HIGH impact on availability. The ava...
CVE-2019-6753
Foxit Reader 9.3.0.10826 is affected by a vulnerability in the Stuff method that can trigger an integer overflow when handling user-supplied data, potentially enabling information disclosure and, with additional issues, code execution. Exploitation requires user interaction (visit a malicious pag...
CVE-2020-26535
Foxit Reader and PhantomPDF (pre-10.1) contain CVE-2020-26535. The issue arises when TslAlloc tries to allocate thread-local storage and receives an unacceptable index, causing V8 to throw an exception that leads to write and read access violations. Affected products are Foxit Reader and PhantomP...
CVE-2017-14834
CVE-2017-14834 affects Foxit Reader 8.3.1.21155 and enables remote code execution through the FileAttachment annotation’s style attribute. The flaw stems from not validating the existence of an object before performing operations, allowing code to run in the current process context after a user v...
CVE-2018-10479
Foxit Reader 9.0.0.29935 is affected by CVE-2018-10479 due to an out-of-bounds read in parsing U3D Key Frame structures, causing information disclosure. The vulnerability allows remote attackers to disclose sensitive information and requires user interaction (visiting a malicious page or opening ...
CVE-2018-10494
Foxit Reader 9.0.1.1049 is affected by a stack-based buffer overflow in the parsing of U3D 3DView objects. The issue stems from insufficient validation of the length of user-supplied data before copying to a fixed-length stack buffer, enabling remote code execution under the process context. Expl...
CVE-2018-11621
Foxit Reader (Windows) vulnerability CVE-2018-11621 affects Foxit Reader 9.0.1.1049 with the ConvertToPDF_x86.dll causing an out-of-bounds read that discloses sensitive information. Exploitation requires user interaction (visiting a malicious page or opening a malicious file); an attacker could l...
CVE-2018-1176
Foxit Reader 9.0.0.29935 is affected by an ePub parsing vulnerability that allows remote code execution via a write past the end of an allocated object due to insufficient input validation. The issue can be triggered when a user visits a malicious page or opens a malicious file, requiring user in...
CVE-2018-14253
The CVE-2018-14253 entry concerns Foxit Reader (variants of Foxit Reader 9.0.1.1049 and affected 9.x lines). The vulnerability is a type-confusion in the getIcon method that enables remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious fil...
CVE-2018-14259
CVE-2018-14259 is a type-confusion remote-code-execution vulnerability in Foxit Reader (affecting 9.0.1.1049). The flaw resides in getPageNthWordQuads and can be triggered via JavaScript when a user opens a malicious file or visits a crafted page, allowing code execution in the current process co...
CVE-2018-14290
CVE-2018-14290 refers to a heap-based buffer overflow in Foxit Reader (notably 9.0.1.5096 and earlier) triggered during PDF parsing due to insufficient validation of the length of user-controlled data. The flaw allows remote code execution under the process’s context when a user opens a malicious...
CVE-2018-14299
CVE-2018-14299 affects Foxit Reader prior to 9.2.0.9097, due to a Line annotations processing flaw that allows use-after-free; remote code execution is possible with attacker-controlled document elements and user interaction. Exploitation is described in multiple advisories (ZDI-18-759, CNVD-2018...
CVE-2018-14316
Foxit Reader vulnerability CVE-2018-14316 affects Foxit Reader 9.0.1.5096 where PDF processing lacks proper validation, causing a read past the end of an allocated buffer. This enables remote code execution in the context of the current process and requires user interaction (visiting a malicious ...
CVE-2018-19346
The CVE-2018-19346 issue affects Foxit Reader 9.3.0.10826 via the u3d plugin 9.3.0.10809 (plugins\U3DBrowser.fpi) loaded in FoxitReader.exe. The vulnerability is an out-of-bounds read triggered by processing a U3D sample, where Data from Faulting Address controls Branch Selection starting at U3DB...
CVE-2018-19348
The CVE-2018-19348 entry concerns Foxit Reader’s u3d plugin (9.3.0.10809 in FoxitReader.exe, Foxit Reader 9.3.0.10826). The issue is an out-of-bounds read triggered by a U3D sample that allows a remote attacker to cause a denial of service or access sensitive information due to Data from Faulting...
CVE-2021-27262
CVE-2021-27262 affects Foxit PhantomPDF 10.1.0.37527. The root cause is improper validation of data in U3D object handling within PDFs, causing an out-of-bounds read that can disclose sensitive information. The vulnerability enables information disclosure and, in combination with other flaws, cou...
CVE-2021-27268
CVE-2021-27268 affects Foxit PhantomPDF 10.1.0.37527. The vulnerability is a U3D object handling flaw in PDFs where the software does not validate the existence of an object before performing operations, enabling an attacker to execute code in the current process. Technical details surfaced acros...
CVE-2021-27271
CVE-2021-27271 affects Foxit PhantomPDF 10.1.0.37527. The issue is an out-of-bounds read in the handling of U3D objects in PDFs, allowing remote code execution with user interaction required (open a malicious file/page). Root cause: improper validation of user-supplied data in U3D processing. Exp...
CVE-2023-39542
CVE-2023-39542 describes a code execution vulnerability in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, potentially leading to remote code execution. An attacker must trick the user into opening the malicious file, and expl...
CVE-2015-8843
Foxit Reader contains a local privilege escalation in the FoxitCloudUpdateService. When a Cloud plugin update is available, an attacker can write crafted data to a shared memory region, triggering memory corruption and enabling privilege gains. Affected versions: Foxit Reader 6.1–6.2.x and 7.x be...
CVE-2016-4062
Foxit Reader and Foxit PhantomPDF prior to version 7.3.4 are affected by CVE-2016-4062 due to improper recursive handling of PDF format errors, allowing remote exploitation to cause a denial of service (application hang). Root cause: recursive format-error reporting. Impact is DoS; exploitation v...
CVE-2017-10958
Foxit Reader 8.3.1.21155 is affected by CVE-2017-10958. The flaw resides in the value attribute of Field objects and stems from not validating the existence of an object before performing operations, enabling remote code execution when a user visits a malicious page or opens a malicious file. Imp...
CVE-2017-10959
CVE-2017-10959 affects Foxit Reader 8.3.1.21155 and is due to a flaw in the Link objects’ setAction method where the code fails to validate object existence before acting, enabling remote code execution in the current process. Exploitation typically requires user interaction (visiting a malicious...
CVE-2017-14819
CVE-2017-14819 affects Foxit Reader 8.3.1.21155 and is caused by an out-of-bounds read in the channel number member of the cdef box within JPEG2000 processing, leading to potential information disclosure. Exploitation requires user interaction (visiting a malicious page or opening a malicious fil...
CVE-2017-14828
CVE-2017-14828 affects Foxit Reader 8.3.1.21155 where a type-confusion in the XFA Layout w method allows remote code execution. Exploitation requires user interaction (malicious page or file). Root cause: improper validation of user-supplied data. Impact: arbitrary code execution in the current p...
CVE-2017-14837
CVE-2017-14837 affects Foxit Reader 8.3.1.21155, with a remote code execution flaw in the XFA Layout objects pageSpan method caused by improper validation of user-supplied data, enabling code execution with user interaction (via a malicious page or file). Multiple corroborating sources classify t...
CVE-2017-16582
Foxit Reader 8.3.2.25013 is affected by a remote code execution vulnerability in the clearItems XFA method due to improper validation, leading to a type confusion. Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and can run code with the current proc...
CVE-2017-16588
CVE-2017-16588 corresponds to a Foxit Reader vulnerability where the parser mishandles SOT markers, leading to an out-of-bounds read and information disclosure. It affects Foxit Reader 8.3.1.21155 and is exploitable remotely with user interaction (visiting a malicious page or opening a malicious ...
CVE-2017-8454
CVE-2017-8454 affects Foxit Reader before 8.2.1 and Foxit PhantomPDF before 8.2.1. The vulnerability is an out-of-bounds read triggered by a crafted font in a PDF, allowing remote attackers to obtain sensitive information or potentially execute arbitrary code. Connected sources corroborate the im...
CVE-2018-11623
CVE-2018-11623 affects Foxit Reader 9.0.1.1049 where the vulnerability is in the addAdLayer method, causing a type-confusion condition that allows remote code execution when a user visits a malicious page or opens a malicious file, with user interaction required. The issue is documented in ZDI-18...
CVE-2018-1179
Foxit Reader 9.0.0.29935 is affected by CVE-2018-1179 through a flaw in parsing GIF DataSubBlock structures. The vulnerability arises from insufficient validation of user-supplied data, enabling an out-of-bounds read past an allocated data structure. This can disclose sensitive information and, i...
CVE-2018-14257
CVE-2018-14257 is a Foxit Reader remote code execution vulnerability in the getPageBox method that enables code execution via crafted JavaScript when a user visits a malicious page or opens a malicious file. The issue is a type confusion condition triggered by actions in JavaScript, allowing an a...
CVE-2018-14261
CVE-2018-14261 refers to a type-confusion vulnerability in Foxit Reader’s getTemplate method that enables remote code execution when a user opens a malicious file or visits a crafted page. The entry specifies that exploitation requires user interaction and can execute code with the current proces...
CVE-2018-14264
CVE-2018-14264 is a type confusion remote-code-execution vulnerability in Foxit Reader (importAnFDF method). Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and can execute code in the current process. Affected products include Foxit Reader versions ...
CVE-2018-14268
Foxit Reader CVE-2018-14268 is a type-confusion remote code execution in the mailForm method of Foxit Reader (9.0.1.1049 and earlier). Exploitation requires user interaction (visiting a malicious page or opening a crafted file). The flaw enables code execution under the current process context an...
CVE-2018-14272
CVE-2018-14272 affects Foxit Reader; a type confusion vulnerability in the removeIcon method can lead to remote code execution. The primary advisory notes that an attacker can exploit this by convincing a user to view a malicious page or open a malicious file, executing code in the current proces...
CVE-2018-14287
Foxit Reader (v9.0.1.1049) is affected by CVE-2018-14287 due to a type confusion in the handling of arguments passed to instanceManager.nodes.append. The flaw allows remote code execution with user interaction required (visiting a malicious page or opening a crafted file). Exploitation context is...
CVE-2018-14293
CVE-2018-14293 affects Foxit Reader 9.1.0.5096 and earlier, where parsing of PDF documents can trigger a use-after-free in the PDF handling code, allowing remote code execution when a user opens a malicious file or visits a malicious page. The vulnerability requires user interaction and executes ...
CVE-2018-14298
CVE-2018-14298 affects Foxit Reader up to 9.0.1.5096 (Windows). The flaw is a use-after-free in Ink annotations processing, allowing arbitrary code execution when a user opens a poisoned document or visits a malicious page. Root cause: pointer reuse after free during document element manipulation...
CVE-2018-19343
Foxit Reader CVE-2018-19343 affects the u3d plugin in FoxitReader.exe (Foxit Reader 9.3.0.10826) where the u3d plugin 9.3.0.10809 can trigger an out-of-bounds read via a U3D sample, potentially causing a denial of service and information disclosure. The issue is tied to Data from Faulting Address...
CVE-2018-9942
The CVE-2018-9942 entry concerns Foxit Reader (v9.0.0.29935) and the XFA record removal path. The connected sources confirm a type-confusion vulnerability that enables remote code execution in the context of the current process. Exploitation requires user interaction (visiting a malicious page or...
CVE-2018-9950
Foxit Reader 9.0.0.29935 is affected by a PDF parsing vulnerability that can disclose sensitive information via an out-of-bounds read in memory. The flaw arises from insufficient validation of user-supplied data, enabling a remote attacker to exfiltrate data after the target visits a malicious pa...
CVE-2018-9955
Foxit Reader 9.0.1.1049 is affected by CVE-2018-9955. The vulnerability resides in the XFA Button resolveNode method and is due to not validating the existence of an object before performing operations, enabling remote code execution under the current process when a user opens a malicious file/pa...
CVE-2018-9970
Foxit Reader 9.0.1.1049 is affected by CVE-2018-9970 due to a bug in the XFA execEvent method of Button elements. The vulnerability arises from failing to validate the existence of an object before performing operations, enabling remote code execution when a user opens a malicious file or visits ...
CVE-2019-6752
Foxit PhantomPDF flaw CVE-2019-6752: in Foxit PhantomPDF 9.3.10826, parsing of PDF documents allows read past end of an allocated object, enabling information disclosure. Remote attacker must persuade target to open a malicious page/file and may leverage this with other vulnerabilities to execute...
CVE-2019-8342
Foxit Reader for macOS (version 3.1.0.0111) contains a Local Privilege Escalation in the libqcocoa.dylib component caused by an incorrect permission set. The issue enables elevation of privileges within the same host, with a CVSS v3 base score of 7.8 (HIGH) and LOCAL attack vector; no user intera...
CVE-2020-26539
Foxit Reader and PhantomPDF (before v10.1) contain a use-after-free condition triggered by a multiple interpretation error for /V in the Additional Action and Field dictionaries, enabling remote code execution or an information leak. The issue is documented in CVE-2020-26539 with CVSS scores indi...
CVE-2021-27267
CVE-2021-27267 — Foxit PhantomPDF 10.1.0.37527 is affected by a vulnerability in the handling of U3D objects in PDF files. The flaw arises from not validating the existence of a target object before performing operations on it, which can allow an attacker to execute arbitrary code in the context ...
CVE-2011-1908
CVE-2011-1908 is a Foxit Reader vulnerability: an integer overflow in the FreeType engine’s Type 1 font decoder allows remote code execution or a denial of service when processing a crafted font inside a PDF. The issue affects Foxit Reader prior to version 4.0.0.0619. Multiple sources corroborate...
CVE-2015-3633
CVE-2015-3633 affects Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF prior to 7.1.5. The vulnerability allows remote denial of service via vectors related to digital signatures, caused by memory corruption. Affected components include the PDF handling and digital-signature paths. Imp...