372 matches found
CVE-2018-14310
CVE-2018-14310 affects Foxit Reader (and related Foxit products) with a use-after-free in event handling that fails to validate the existence of an object before operating on it. Exploitation can allow remote code execution with user interaction required (visiting a malicious page or opening a ma...
CVE-2018-14313
CVE-2018-14313 affects Foxit Reader (pre-9.2.0.9097) with a type-confusion vulnerability in PDF handling that enables remote code execution. The issue requires user interaction (visit a malicious page or open a malicious file) and can allow code execution in the current process. Related advisorie...
CVE-2018-14314
CVE-2018-14314 affects Foxit Reader 9.0.1.5096. The flaw is in the handling of annotations where the software fails to validate the existence of an object before operating on it, allowing remote attackers to execute arbitrary code in the current process. Exploitation requires user interaction (vi...
CVE-2018-19341
The CVE-2018-19341 issue affects Foxit Reader 9.3.0.10826 with the u3d plugin 9.3.0.10809 (plugins\U3DBrowser.fpi). A U3D sample can cause a denial of service (out-of-bounds read) and possible information disclosure due to a Read Access Violation near NULL in FoxitReader!std::basic_ostream >::...
CVE-2018-19343
Foxit Reader CVE-2018-19343 affects the u3d plugin in FoxitReader.exe (Foxit Reader 9.3.0.10826) where the u3d plugin 9.3.0.10809 can trigger an out-of-bounds read via a U3D sample, potentially causing a denial of service and information disclosure. The issue is tied to Data from Faulting Address...
CVE-2018-9942
The CVE-2018-9942 entry concerns Foxit Reader (v9.0.0.29935) and the XFA record removal path. The connected sources confirm a type-confusion vulnerability that enables remote code execution in the context of the current process. Exploitation requires user interaction (visiting a malicious page or...
CVE-2018-9955
Foxit Reader 9.0.1.1049 is affected by CVE-2018-9955. The vulnerability resides in the XFA Button resolveNode method and is due to not validating the existence of an object before performing operations, enabling remote code execution under the current process when a user opens a malicious file/pa...
CVE-2018-9970
Foxit Reader 9.0.1.1049 is affected by CVE-2018-9970 due to a bug in the XFA execEvent method of Button elements. The vulnerability arises from failing to validate the existence of an object before performing operations, enabling remote code execution when a user opens a malicious file or visits ...
CVE-2018-9971
Foxit Reader 9.0.1.104 is affected by a vulnerability in ConvertToPDF_x86.dll that allows remote disclosure of sensitive information due to an out-of-bounds read (read past the end of an allocated object) caused by insufficient input validation. The issue can be exploited by convincing a user to ...
CVE-2019-6752
Foxit PhantomPDF flaw CVE-2019-6752: in Foxit PhantomPDF 9.3.10826, parsing of PDF documents allows read past end of an allocated object, enabling information disclosure. Remote attacker must persuade target to open a malicious page/file and may leverage this with other vulnerabilities to execute...
CVE-2020-26539
Foxit Reader and PhantomPDF (before v10.1) contain a use-after-free condition triggered by a multiple interpretation error for /V in the Additional Action and Field dictionaries, enabling remote code execution or an information leak. The issue is documented in CVE-2020-26539 with CVSS scores indi...
CVE-2021-27267
CVE-2021-27267 — Foxit PhantomPDF 10.1.0.37527 is affected by a vulnerability in the handling of U3D objects in PDF files. The flaw arises from not validating the existence of a target object before performing operations on it, which can allow an attacker to execute arbitrary code in the context ...
CVE-2011-1908
CVE-2011-1908 is a Foxit Reader vulnerability: an integer overflow in the FreeType engine’s Type 1 font decoder allows remote code execution or a denial of service when processing a crafted font inside a PDF. The issue affects Foxit Reader prior to version 4.0.0.0619. Multiple sources corroborate...
CVE-2017-10956
CVE-2017-10956 affects Foxit Reader 8.3.1.21155. The vulnerability is an out-of-bounds read in the tile index member of SOT markers due to insufficient validation of user-supplied data, allowing disclosure of sensitive information. Remote attackers can trigger via a malicious page or file, and it...
CVE-2017-6883
The CVE-2017-6883 issue affects Foxit Reader (before 8.2.1) and Foxit PhantomPDF (before 8.2.1) on Windows, via the ConvertToPDF plugin when gflags is enabled. A crafted TIFF image can trigger an out-of-bounds read, causing application crash and potential information disclosure; attacker could le...
CVE-2018-1174
CVE-2018-1174 affects Foxit Reader 9.0.0.29935 and is tied to the PrintParams bitmapDPI object. The root cause is uninitialized memory access in that handling, enabling information disclosure. Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and, in c...
CVE-2018-1178
The CVE-2018-1178 entry relates to Foxit Reader 9.0.0.29935, where the vulnerability resides in the addField handling and results from not validating the existence of an object before performing operations. This is a remote code execution vulnerability that an attacker can exploit after convincin...
CVE-2018-14242
CVE-2018-14242 is a type-confusion remote code execution vulnerability in Foxit Reader, fixed by updates after Foxit Reader 9.2.0.9097. The flaw resides in the addField method and can be triggered by JavaScript actions on a malicious page or file, requiring user interaction. Impact is arbitrary c...
CVE-2018-14266
CVE-2018-14266 affects Foxit Reader (notably 9.0.1.1049 and earlier) and is caused by a flaw in the importDataObject method that leads to a type confusion. An attacker can trigger this remotely by convincing a user to visit a malicious page or open a malicious file, initiating remote code executi...
CVE-2018-14271
The CVE-2018-14271 entry describes a type-confusion remote code execution in Foxit Reader, caused by the removeField method. The flaw allows code execution in the current process context and requires user interaction (visiting a malicious page or opening a malicious file). Affected products inclu...
CVE-2018-14276
Foxit Reader vulnerability CVE-2018-14276 arises from a type confusion in the submitForm method that allows remote code execution when a user visits a crafted page or opens a malicious file. The issue affects Foxit Reader (e.g., versions around 9.0.x), with escalation in the current advisories in...
CVE-2018-14297
CVE-2018-14297 affects Foxit Reader (and Foxit PhantomPDF in some listings). The vulnerability is a use-after-free in the processing of FreeText annotations, where manipulating a document’s elements can cause a freed pointer to be reused, enabling remote code execution. Exploitation requires user...
CVE-2018-19344
The CVE-2018-19344 entry concerns Foxit Reader 9.3.0.10826 with the u3d plugin 9.3.0.10809 (plugins\U3DBrowser.fpi). The affected component is the U3D parser in FoxitReader.exe; the root cause is an out-of-bounds read triggered by a U3D sample, leading to a denial of service and potential informa...
CVE-2018-19388
Foxit Reader 9.3.0.10826 (FoxitReader.exe) is affected by a DoS vulnerability triggered by TIFF data due to a ConvertToPDF_x86!ReleaseFXURLToHtml issue, leading to out-of-bounds read, access violation, and application crash. The issue is described across multiple sources (NVD, CNVD, CVE records) ...
CVE-2018-9937
Foxit Reader 9.0.0.29935 is affected by a vulnerability in the XFA subform parsing that can lead to remote code execution via type confusion when a user opens a malicious page or file. The flaw arises from improper validation of user-supplied data in subform elements, allowing an attacker to run ...
CVE-2018-9951
Foxit Reader 9.0.0.29935 is affected by CVE-2018-9951, a CPDF_Object handling flaw that lacks validation of object existence, enabling remote code execution under the current process context. Exploit requires user interaction (visiting a malicious page or opening a malicious file). The issue is d...
CVE-2018-9952
The CVE-2018-9952 vulnerability affects Foxit Reader 9.0.1.1049 and is due to improper validation when handling XFA Button elements, specifically when setting the formattedValue attribute, allowing an attacker to execute code under the current process. Exploitation requires user interaction (visi...
CVE-2018-9965
Foxit Reader 9.0.1.1049 is affected by a Link.setAction vulnerability that allows remote code execution via crafted user interaction. The flaw arises from not validating an object’s existence before operations, enabling code execution in the current process. Exploitation details are associated wi...
CVE-2021-27266
CVE-2021-27266 affects Foxit PhantomPDF 10.1.0.37527. The issue arises from improper validation in the handling of U3D objects embedded in PDF files, leading to an out-of-bounds read (read past end of an allocated object). An attacker can leverage this in conjunction with other vulnerabilities to...
CVE-2011-3691
Foxit Reader before 5.0.2.0718 is affected by an untrusted search path vulnerability that allows local users to gain privileges by placing Trojan horse DLLs (dwmapi.dll, dwrite.dll, or msdrm.dll) in the current working directory. Multiple sources (NVD, Red Hat, CVE listing, and Nessus plugin) cor...
CVE-2017-10957
CVE-2017-10957 affects Foxit Reader 8.3.1.21155. The flaw is in the arrowEnd attribute of Annotation objects, arising from not validating the existence of an object before operating on it, enabling remote code execution in the current process. Exploitation requires user interaction (visiting a ma...
CVE-2017-16580
CVE-2017-16580 affects Foxit Reader 8.3.2.25013 where the ImageField node in XFA forms mishandles user-supplied data, causing an out-of-bounds/read past end vulnerability. The issue enables remote information disclosure and can be leveraged in conjunction with other flaws to execute code in the p...
CVE-2018-10486
Foxit Reader 9.0.0.29935 is affected by an out-of-bounds read in the U3D Image Index parsing, allowing remote disclosure of sensitive information. The issue arises from improper validation of user-supplied data and requires user interaction (visiting a malicious page or opening a malicious file)....
CVE-2018-11620
CVE-2018-11620 affects Foxit Reader (up to version 9.0.1.1049) with an out-of-bounds read in ConvertToPDF_x86.dll caused by insufficient validation of user-supplied data. This can disclose sensitive information and, in conjunction with other vulnerabilities, may enable arbitrary code execution in...
CVE-2018-14251
Foxit Reader CVE-2018-14251 is a type-confusion remote code execution affecting Foxit Reader 9.0.1.1049. The flaw occurs in getDataObject and can be triggered via actions in JavaScript after the user visits a malicious page or opens a malicious file, enabling code execution in the current process...
CVE-2018-14270
CVE-2018-14270 = Foxit Reader remote code execution via removeDataObject type confusion. Affected: Foxit Reader 9.0.1.1049 (and older) with the vulnerability triggered by JavaScript actions on a malicious page or file; requires user interaction. Root cause is a type confusion in removeDataObject ...
CVE-2018-14283
CVE-2018-14283 affects Foxit Reader (Windows) versions older than 9.2.0.9097. The flaw is in the highlightMode attribute and stems from not validating the existence of an object before performing operations on it, leading to a use-after-free condition that enables remote code execution under the ...
CVE-2018-14289
CVE-2018-14289 affects Foxit Reader, including version 9.0.1.5096, with an out-of-bounds read in PDF document parsing that can disclose sensitive information. The vulnerability requires user interaction (visiting a malicious page or opening a malicious file) and can be leveraged with other issues...
CVE-2018-14294
CVE-2018-14294 affects Foxit Reader; vulnerable component is the processing of FileAttachment annotations. An attacker can craft a document to trigger a use-after-free, enabling remote code execution in the current process after user opens a malicious file or visits a malicious page. Impact is re...
CVE-2018-9957
The CVE-2018-9957 issue affects Foxit Reader 9.0.1.1049. It stems from the handling of XFA Button elements: during parsing of arguments passed to the resetData method, the code does not properly validate the existence of an object before performing operations, enabling a remote attacker to execut...
CVE-2018-9976
CVE-2018-9976 affects Foxit Reader 9.0.0.29935. The vulnerability is an out-of-bounds read during parsing of Texture objects in U3D files caused by insufficient validation of user-supplied data, leading to potential disclosure of sensitive information. It requires user interaction (visiting a mal...
CVE-2018-9977
The CVE-2018-9977 issue affects Foxit Reader 9.0.0.29935 and is caused by a parsing flaw in Modifier Chain objects within U3D files, where the software does not validate the existence of an object before performing operations. This leads to remote code execution with the attacker’s code running i...
CVE-2011-0332
CVE-2011-0332 affects Foxit Reader prior to 4.3.1.0218 and Foxit Phantom prior to 2.3.3.1112. The issue is an ICC parsing integer overflow that can trigger a heap-based buffer overflow via crafted ICC chunks in a PDF, enabling remote code execution. Multiple connected sources (NVD/NIST entry, Ope...
CVE-2012-4759
CVE-2012-4759 describes an untrusted search path vulnerability in Foxit Reader’s Facebook plug-in (facebook_plugin.fpi). A local attacker could gain privileges by placing a Trojan horse dwmapi.dll in the current working directory while Foxit Reader 5.3.1.0606 is running, as demonstrated by a dire...
CVE-2017-14832
The CVE-2017-14832 issue affects Foxit Reader 8.3.1.21155, where the style attribute of Caret Annotation objects can be exploited to execute arbitrary code. The root cause is the failure to validate the existence of an object before performing operations on it, enabling remote code execution when...
CVE-2018-10489
Affected software: Foxit Reader 9.0.0.29935. Vulnerability: U3D Clod Progressive Mesh Declaration parsing flaw leading to an out-of-bounds write. Root cause: Lack of proper validation of user-supplied data in the U3D Mesh Declaration parsing, causing a write past the end of an allocated structure...
CVE-2018-10491
Foxit Reader 9.0.0.29935 is affected by CVE-2018-10491 due to an out-of-bounds write in the parsing of U3D Bone Weight Modifier structures, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The vulnerability context is ...
CVE-2018-14263
Foxit Reader (and Foxit PhantomPDF) are affected by a getVersionID type-confusion vulnerability that allows remote code execution when a user visits a malicious page or opens a malicious file. The flaw is triggered by JavaScript actions and runs with the current process context; exploitation requ...
CVE-2018-14296
Foxit Reader Circle Annotation use-after-free remote-code-execution vulnerability (CVE-2018-14296) affects Foxit Reader 9.0.1.5096 and earlier; exploits require user interaction (open a malicious file/page). The flaw lies in processing Circle annotations, where a pointer can be reused after free,...
CVE-2018-14301
Foxit Reader is affected by a Sound annotations use-after-free remote code execution vulnerability (CVE-2018-14301). Exploitation requires user interaction (visiting a malicious page or opening a crafted file) and can lead to arbitrary code execution in the context of the current process. The fla...