Lucene search
+L
FoxitsoftwareFoxit Reader

372 matches found

CVE
CVE
added 2017/12/20 2:0 p.m.57 views

CVE-2017-14825

CVE-2017-14825 affects Foxit Reader; vulnerability is a type confusion in XFAScriptObject.remove, enabling remote code execution. Affected: Foxit Reader 8.3.1.21155 with user interaction required (malicious page/file). Documented exploitation exists (malware in the wild per OpenVAS/OpenVAS notes)...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/05/03 5:13 a.m.57 views

CVE-2017-8454

CVE-2017-8454 affects Foxit Reader before 8.2.1 and Foxit PhantomPDF before 8.2.1. The vulnerability is an out-of-bounds read triggered by a crafted font in a PDF, allowing remote attackers to obtain sensitive information or potentially execute arbitrary code. Connected sources corroborate the im...

8.8CVSS8.8AI score0.03939EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.57 views

CVE-2018-10491

Foxit Reader 9.0.0.29935 is affected by CVE-2018-10491 due to an out-of-bounds write in the parsing of U3D Bone Weight Modifier structures, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The vulnerability context is ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.57 views

CVE-2018-11623

CVE-2018-11623 affects Foxit Reader 9.0.1.1049 where the vulnerability is in the addAdLayer method, causing a type-confusion condition that allows remote code execution when a user visits a malicious page or opens a malicious file, with user interaction required. The issue is documented in ZDI-18...

8.8CVSS8.8AI score0.02882EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.57 views

CVE-2018-1175

CVE-2018-1175 affects Foxit Reader 9.0.0.29935. The flaw is in the handling of the interactive attribute of PrintParams objects, arising from lack of proper memory initialization. This leads to information disclosure, with remote attackers able to access sensitive data; exploitation requires user...

6.5CVSS6.5AI score0.02704EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14261

CVE-2018-14261 refers to a type-confusion vulnerability in Foxit Reader’s getTemplate method that enables remote code execution when a user opens a malicious file or visits a crafted page. The entry specifies that exploitation requires user interaction and can execute code with the current proces...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14264

CVE-2018-14264 is a type confusion remote-code-execution vulnerability in Foxit Reader (importAnFDF method). Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and can execute code in the current process. Affected products include Foxit Reader versions ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14270

CVE-2018-14270 = Foxit Reader remote code execution via removeDataObject type confusion. Affected: Foxit Reader 9.0.1.1049 (and older) with the vulnerability triggered by JavaScript actions on a malicious page or file; requires user interaction. Root cause is a type confusion in removeDataObject ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14272

CVE-2018-14272 affects Foxit Reader; a type confusion vulnerability in the removeIcon method can lead to remote code execution. The primary advisory notes that an attacker can exploit this by convincing a user to view a malicious page or open a malicious file, executing code in the current proces...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14293

CVE-2018-14293 affects Foxit Reader 9.1.0.5096 and earlier, where parsing of PDF documents can trigger a use-after-free in the PDF handling code, allowing remote code execution when a user opens a malicious file or visits a malicious page. The vulnerability requires user interaction and executes ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14298

CVE-2018-14298 affects Foxit Reader up to 9.0.1.5096 (Windows). The flaw is a use-after-free in Ink annotations processing, allowing arbitrary code execution when a user opens a poisoned document or visits a malicious page. Root cause: pointer reuse after free during document element manipulation...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14307

CVE-2018-14307 affects Foxit Reader (e.g., 9.0.1.5096; CNVD lists 9.1.0.5096 and earlier) due to a use-after-free in the processing of Link objects, enabling remote code execution after user opens a malicious page/file. Exploitation requires user interaction. Related advisories (ZDI-18-767; OpenV...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14310

CVE-2018-14310 affects Foxit Reader (and related Foxit products) with a use-after-free in event handling that fails to validate the existence of an object before operating on it. Exploitation can allow remote code execution with user interaction required (visiting a malicious page or opening a ma...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14313

CVE-2018-14313 affects Foxit Reader (pre-9.2.0.9097) with a type-confusion vulnerability in PDF handling that enables remote code execution. The issue requires user interaction (visit a malicious page or open a malicious file) and can allow code execution in the current process. Related advisorie...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14314

CVE-2018-14314 affects Foxit Reader 9.0.1.5096. The flaw is in the handling of annotations where the software fails to validate the existence of an object before operating on it, allowing remote attackers to execute arbitrary code in the current process. Exploitation requires user interaction (vi...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/11/17 9:0 p.m.57 views

CVE-2018-19341

The CVE-2018-19341 issue affects Foxit Reader 9.3.0.10826 with the u3d plugin 9.3.0.10809 (plugins\U3DBrowser.fpi). A U3D sample can cause a denial of service (out-of-bounds read) and possible information disclosure due to a Read Access Violation near NULL in FoxitReader!std::basic_ostream >::...

7.1CVSS7.2AI score0.01653EPSS
CVE
CVE
added 2018/11/17 9:0 p.m.57 views

CVE-2018-19343

Foxit Reader CVE-2018-19343 affects the u3d plugin in FoxitReader.exe (Foxit Reader 9.3.0.10826) where the u3d plugin 9.3.0.10809 can trigger an out-of-bounds read via a U3D sample, potentially causing a denial of service and information disclosure. The issue is tied to Data from Faulting Address...

7.1CVSS8AI score0.01653EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.57 views

CVE-2018-9942

The CVE-2018-9942 entry concerns Foxit Reader (v9.0.0.29935) and the XFA record removal path. The connected sources confirm a type-confusion vulnerability that enables remote code execution in the context of the current process. Exploitation requires user interaction (visiting a malicious page or...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.57 views

CVE-2018-9951

Foxit Reader 9.0.0.29935 is affected by CVE-2018-9951, a CPDF_Object handling flaw that lacks validation of object existence, enabling remote code execution under the current process context. Exploit requires user interaction (visiting a malicious page or opening a malicious file). The issue is d...

8.8CVSS8.8AI score0.04836EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.57 views

CVE-2018-9970

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9970 due to a bug in the XFA execEvent method of Button elements. The vulnerability arises from failing to validate the existence of an object before performing operations, enabling remote code execution when a user opens a malicious file or visits ...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.57 views

CVE-2019-6752

Foxit PhantomPDF flaw CVE-2019-6752: in Foxit PhantomPDF 9.3.10826, parsing of PDF documents allows read past end of an allocated object, enabling information disclosure. Remote attacker must persuade target to open a malicious page/file and may leverage this with other vulnerabilities to execute...

5.5CVSS5.4AI score0.02551EPSS
CVE
CVE
added 2020/10/02 8:1 a.m.57 views

CVE-2020-26539

Foxit Reader and PhantomPDF (before v10.1) contain a use-after-free condition triggered by a multiple interpretation error for /V in the Additional Action and Field dictionaries, enabling remote code execution or an information leak. The issue is documented in CVE-2020-26539 with CVSS scores indi...

9.8CVSS9.6AI score0.02232EPSS
CVE
CVE
added 2021/03/30 2:35 p.m.57 views

CVE-2021-27267

CVE-2021-27267 — Foxit PhantomPDF 10.1.0.37527 is affected by a vulnerability in the handling of U3D objects in PDF files. The flaw arises from not validating the existence of a target object before performing operations on it, which can allow an attacker to execute arbitrary code in the context ...

7.8CVSS7.8AI score0.02491EPSS
CVE
CVE
added 2011/06/24 8:0 p.m.56 views

CVE-2011-1908

CVE-2011-1908 is a Foxit Reader vulnerability: an integer overflow in the FreeType engine’s Type 1 font decoder allows remote code execution or a denial of service when processing a crafted font inside a PDF. The issue affects Foxit Reader prior to version 4.0.0.0619. Multiple sources corroborate...

9.3CVSS8AI score0.0498EPSS
CVE
CVE
added 2017/03/14 9:2 a.m.56 views

CVE-2017-6883

The CVE-2017-6883 issue affects Foxit Reader (before 8.2.1) and Foxit PhantomPDF (before 8.2.1) on Windows, via the ConvertToPDF plugin when gflags is enabled. A crafted TIFF image can trigger an out-of-bounds read, causing application crash and potential information disclosure; attacker could le...

4.7CVSS6.7AI score0.03378EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.56 views

CVE-2018-14242

CVE-2018-14242 is a type-confusion remote code execution vulnerability in Foxit Reader, fixed by updates after Foxit Reader 9.2.0.9097. The flaw resides in the addField method and can be triggered by JavaScript actions on a malicious page or file, requiring user interaction. Impact is arbitrary c...

8.8CVSS8.8AI score0.02882EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.56 views

CVE-2018-14266

CVE-2018-14266 affects Foxit Reader (notably 9.0.1.1049 and earlier) and is caused by a flaw in the importDataObject method that leads to a type confusion. An attacker can trigger this remotely by convincing a user to visit a malicious page or open a malicious file, initiating remote code executi...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.56 views

CVE-2018-14271

The CVE-2018-14271 entry describes a type-confusion remote code execution in Foxit Reader, caused by the removeField method. The flaw allows code execution in the current process context and requires user interaction (visiting a malicious page or opening a malicious file). Affected products inclu...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.56 views

CVE-2018-14283

CVE-2018-14283 affects Foxit Reader (Windows) versions older than 9.2.0.9097. The flaw is in the highlightMode attribute and stems from not validating the existence of an object before performing operations on it, leading to a use-after-free condition that enables remote code execution under the ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.56 views

CVE-2018-14297

CVE-2018-14297 affects Foxit Reader (and Foxit PhantomPDF in some listings). The vulnerability is a use-after-free in the processing of FreeText annotations, where manipulating a document’s elements can cause a freed pointer to be reused, enabling remote code execution. Exploitation requires user...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/11/17 9:0 p.m.56 views

CVE-2018-19344

The CVE-2018-19344 entry concerns Foxit Reader 9.3.0.10826 with the u3d plugin 9.3.0.10809 (plugins\U3DBrowser.fpi). The affected component is the U3D parser in FoxitReader.exe; the root cause is an out-of-bounds read triggered by a U3D sample, leading to a denial of service and potential informa...

7.1CVSS7.2AI score0.01653EPSS
CVE
CVE
added 2018/11/20 9:0 p.m.56 views

CVE-2018-19388

Foxit Reader 9.3.0.10826 (FoxitReader.exe) is affected by a DoS vulnerability triggered by TIFF data due to a ConvertToPDF_x86!ReleaseFXURLToHtml issue, leading to out-of-bounds read, access violation, and application crash. The issue is described across multiple sources (NVD, CNVD, CVE records) ...

5.5CVSS6.1AI score0.02171EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.56 views

CVE-2018-9937

Foxit Reader 9.0.0.29935 is affected by a vulnerability in the XFA subform parsing that can lead to remote code execution via type confusion when a user opens a malicious page or file. The flaw arises from improper validation of user-supplied data in subform elements, allowing an attacker to run ...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.56 views

CVE-2018-9952

The CVE-2018-9952 vulnerability affects Foxit Reader 9.0.1.1049 and is due to improper validation when handling XFA Button elements, specifically when setting the formattedValue attribute, allowing an attacker to execute code under the current process. Exploitation requires user interaction (visi...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.56 views

CVE-2018-9965

Foxit Reader 9.0.1.1049 is affected by a Link.setAction vulnerability that allows remote code execution via crafted user interaction. The flaw arises from not validating an object’s existence before operations, enabling code execution in the current process. Exploitation details are associated wi...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.56 views

CVE-2018-9977

The CVE-2018-9977 issue affects Foxit Reader 9.0.0.29935 and is caused by a parsing flaw in Modifier Chain objects within U3D files, where the software does not validate the existence of an object before performing operations. This leads to remote code execution with the attacker’s code running i...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2021/03/30 2:35 p.m.56 views

CVE-2021-27266

CVE-2021-27266 affects Foxit PhantomPDF 10.1.0.37527. The issue arises from improper validation in the handling of U3D objects embedded in PDF files, leading to an out-of-bounds read (read past end of an allocated object). An attacker can leverage this in conjunction with other vulnerabilities to...

4.3CVSS3.8AI score0.02187EPSS
CVE
CVE
added 2012/09/06 10:0 a.m.55 views

CVE-2012-4759

CVE-2012-4759 describes an untrusted search path vulnerability in Foxit Reader’s Facebook plug-in (facebook_plugin.fpi). A local attacker could gain privileges by placing a Trojan horse dwmapi.dll in the current working directory while Foxit Reader 5.3.1.0606 is running, as demonstrated by a dire...

6.9CVSS6.7AI score0.00864EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.55 views

CVE-2017-10957

CVE-2017-10957 affects Foxit Reader 8.3.1.21155. The flaw is in the arrowEnd attribute of Annotation objects, arising from not validating the existence of an object before operating on it, enabling remote code execution in the current process. Exploitation requires user interaction (visiting a ma...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.55 views

CVE-2017-14832

The CVE-2017-14832 issue affects Foxit Reader 8.3.1.21155, where the style attribute of Caret Annotation objects can be exploited to execute arbitrary code. The root cause is the failure to validate the existence of an object before performing operations on it, enabling remote code execution when...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.55 views

CVE-2017-16580

CVE-2017-16580 affects Foxit Reader 8.3.2.25013 where the ImageField node in XFA forms mishandles user-supplied data, causing an out-of-bounds/read past end vulnerability. The issue enables remote information disclosure and can be leveraged in conjunction with other flaws to execute code in the p...

6.5CVSS7.2AI score0.02456EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.55 views

CVE-2018-10486

Foxit Reader 9.0.0.29935 is affected by an out-of-bounds read in the U3D Image Index parsing, allowing remote disclosure of sensitive information. The issue arises from improper validation of user-supplied data and requires user interaction (visiting a malicious page or opening a malicious file)....

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.55 views

CVE-2018-10489

Affected software: Foxit Reader 9.0.0.29935. Vulnerability: U3D Clod Progressive Mesh Declaration parsing flaw leading to an out-of-bounds write. Root cause: Lack of proper validation of user-supplied data in the U3D Mesh Declaration parsing, causing a write past the end of an allocated structure...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.55 views

CVE-2018-11620

CVE-2018-11620 affects Foxit Reader (up to version 9.0.1.1049) with an out-of-bounds read in ConvertToPDF_x86.dll caused by insufficient validation of user-supplied data. This can disclose sensitive information and, in conjunction with other vulnerabilities, may enable arbitrary code execution in...

6.5CVSS6.8AI score0.02629EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.55 views

CVE-2018-14251

Foxit Reader CVE-2018-14251 is a type-confusion remote code execution affecting Foxit Reader 9.0.1.1049. The flaw occurs in getDataObject and can be triggered via actions in JavaScript after the user visits a malicious page or opens a malicious file, enabling code execution in the current process...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.55 views

CVE-2018-14296

Foxit Reader Circle Annotation use-after-free remote-code-execution vulnerability (CVE-2018-14296) affects Foxit Reader 9.0.1.5096 and earlier; exploits require user interaction (open a malicious file/page). The flaw lies in processing Circle annotations, where a pointer can be reused after free,...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.55 views

CVE-2018-9936

Foxit Reader 9.0.0.29935 is affected by a vulnerability in the parsing of XFA field elements that causes a type confusion condition. The issue allows remote code execution under the current process context and requires user interaction (visiting a malicious page or opening a malicious file). This...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.55 views

CVE-2018-9976

CVE-2018-9976 affects Foxit Reader 9.0.0.29935. The vulnerability is an out-of-bounds read during parsing of Texture objects in U3D files caused by insufficient validation of user-supplied data, leading to potential disclosure of sensitive information. It requires user interaction (visiting a mal...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.55 views

CVE-2018-9983

Foxit Reader 9.0.0.29935 is affected by an out-of-bounds read in the U3D parsing path. The issue stems from insufficient validation of user-supplied data, leading to potential disclosure of sensitive information. Exploitation requires user interaction (visiting a malicious page or opening a malic...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2023/11/27 3:25 p.m.55 views

CVE-2023-35985

CVE-2023-35985 affects Foxit Reader 12.1.3.15356. The vulnerability is in the Javascript exportDataObject API, caused by a failure to properly validate a dangerous extension, enabling an attacker to create files at arbitrary locations. This can lead to arbitrary code execution. Exploitation requi...

8.8CVSS8.6AI score0.02673EPSS
Total number of security vulnerabilities372