372 matches found
CVE-2017-14825
CVE-2017-14825 affects Foxit Reader; vulnerability is a type confusion in XFAScriptObject.remove, enabling remote code execution. Affected: Foxit Reader 8.3.1.21155 with user interaction required (malicious page/file). Documented exploitation exists (malware in the wild per OpenVAS/OpenVAS notes)...
CVE-2017-8454
CVE-2017-8454 affects Foxit Reader before 8.2.1 and Foxit PhantomPDF before 8.2.1. The vulnerability is an out-of-bounds read triggered by a crafted font in a PDF, allowing remote attackers to obtain sensitive information or potentially execute arbitrary code. Connected sources corroborate the im...
CVE-2018-10491
Foxit Reader 9.0.0.29935 is affected by CVE-2018-10491 due to an out-of-bounds write in the parsing of U3D Bone Weight Modifier structures, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The vulnerability context is ...
CVE-2018-11623
CVE-2018-11623 affects Foxit Reader 9.0.1.1049 where the vulnerability is in the addAdLayer method, causing a type-confusion condition that allows remote code execution when a user visits a malicious page or opens a malicious file, with user interaction required. The issue is documented in ZDI-18...
CVE-2018-1175
CVE-2018-1175 affects Foxit Reader 9.0.0.29935. The flaw is in the handling of the interactive attribute of PrintParams objects, arising from lack of proper memory initialization. This leads to information disclosure, with remote attackers able to access sensitive data; exploitation requires user...
CVE-2018-14261
CVE-2018-14261 refers to a type-confusion vulnerability in Foxit Reader’s getTemplate method that enables remote code execution when a user opens a malicious file or visits a crafted page. The entry specifies that exploitation requires user interaction and can execute code with the current proces...
CVE-2018-14264
CVE-2018-14264 is a type confusion remote-code-execution vulnerability in Foxit Reader (importAnFDF method). Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and can execute code in the current process. Affected products include Foxit Reader versions ...
CVE-2018-14270
CVE-2018-14270 = Foxit Reader remote code execution via removeDataObject type confusion. Affected: Foxit Reader 9.0.1.1049 (and older) with the vulnerability triggered by JavaScript actions on a malicious page or file; requires user interaction. Root cause is a type confusion in removeDataObject ...
CVE-2018-14272
CVE-2018-14272 affects Foxit Reader; a type confusion vulnerability in the removeIcon method can lead to remote code execution. The primary advisory notes that an attacker can exploit this by convincing a user to view a malicious page or open a malicious file, executing code in the current proces...
CVE-2018-14293
CVE-2018-14293 affects Foxit Reader 9.1.0.5096 and earlier, where parsing of PDF documents can trigger a use-after-free in the PDF handling code, allowing remote code execution when a user opens a malicious file or visits a malicious page. The vulnerability requires user interaction and executes ...
CVE-2018-14298
CVE-2018-14298 affects Foxit Reader up to 9.0.1.5096 (Windows). The flaw is a use-after-free in Ink annotations processing, allowing arbitrary code execution when a user opens a poisoned document or visits a malicious page. Root cause: pointer reuse after free during document element manipulation...
CVE-2018-14307
CVE-2018-14307 affects Foxit Reader (e.g., 9.0.1.5096; CNVD lists 9.1.0.5096 and earlier) due to a use-after-free in the processing of Link objects, enabling remote code execution after user opens a malicious page/file. Exploitation requires user interaction. Related advisories (ZDI-18-767; OpenV...
CVE-2018-14310
CVE-2018-14310 affects Foxit Reader (and related Foxit products) with a use-after-free in event handling that fails to validate the existence of an object before operating on it. Exploitation can allow remote code execution with user interaction required (visiting a malicious page or opening a ma...
CVE-2018-14313
CVE-2018-14313 affects Foxit Reader (pre-9.2.0.9097) with a type-confusion vulnerability in PDF handling that enables remote code execution. The issue requires user interaction (visit a malicious page or open a malicious file) and can allow code execution in the current process. Related advisorie...
CVE-2018-14314
CVE-2018-14314 affects Foxit Reader 9.0.1.5096. The flaw is in the handling of annotations where the software fails to validate the existence of an object before operating on it, allowing remote attackers to execute arbitrary code in the current process. Exploitation requires user interaction (vi...
CVE-2018-19341
The CVE-2018-19341 issue affects Foxit Reader 9.3.0.10826 with the u3d plugin 9.3.0.10809 (plugins\U3DBrowser.fpi). A U3D sample can cause a denial of service (out-of-bounds read) and possible information disclosure due to a Read Access Violation near NULL in FoxitReader!std::basic_ostream >::...
CVE-2018-19343
Foxit Reader CVE-2018-19343 affects the u3d plugin in FoxitReader.exe (Foxit Reader 9.3.0.10826) where the u3d plugin 9.3.0.10809 can trigger an out-of-bounds read via a U3D sample, potentially causing a denial of service and information disclosure. The issue is tied to Data from Faulting Address...
CVE-2018-9942
The CVE-2018-9942 entry concerns Foxit Reader (v9.0.0.29935) and the XFA record removal path. The connected sources confirm a type-confusion vulnerability that enables remote code execution in the context of the current process. Exploitation requires user interaction (visiting a malicious page or...
CVE-2018-9951
Foxit Reader 9.0.0.29935 is affected by CVE-2018-9951, a CPDF_Object handling flaw that lacks validation of object existence, enabling remote code execution under the current process context. Exploit requires user interaction (visiting a malicious page or opening a malicious file). The issue is d...
CVE-2018-9970
Foxit Reader 9.0.1.1049 is affected by CVE-2018-9970 due to a bug in the XFA execEvent method of Button elements. The vulnerability arises from failing to validate the existence of an object before performing operations, enabling remote code execution when a user opens a malicious file or visits ...
CVE-2019-6752
Foxit PhantomPDF flaw CVE-2019-6752: in Foxit PhantomPDF 9.3.10826, parsing of PDF documents allows read past end of an allocated object, enabling information disclosure. Remote attacker must persuade target to open a malicious page/file and may leverage this with other vulnerabilities to execute...
CVE-2020-26539
Foxit Reader and PhantomPDF (before v10.1) contain a use-after-free condition triggered by a multiple interpretation error for /V in the Additional Action and Field dictionaries, enabling remote code execution or an information leak. The issue is documented in CVE-2020-26539 with CVSS scores indi...
CVE-2021-27267
CVE-2021-27267 — Foxit PhantomPDF 10.1.0.37527 is affected by a vulnerability in the handling of U3D objects in PDF files. The flaw arises from not validating the existence of a target object before performing operations on it, which can allow an attacker to execute arbitrary code in the context ...
CVE-2011-1908
CVE-2011-1908 is a Foxit Reader vulnerability: an integer overflow in the FreeType engine’s Type 1 font decoder allows remote code execution or a denial of service when processing a crafted font inside a PDF. The issue affects Foxit Reader prior to version 4.0.0.0619. Multiple sources corroborate...
CVE-2017-6883
The CVE-2017-6883 issue affects Foxit Reader (before 8.2.1) and Foxit PhantomPDF (before 8.2.1) on Windows, via the ConvertToPDF plugin when gflags is enabled. A crafted TIFF image can trigger an out-of-bounds read, causing application crash and potential information disclosure; attacker could le...
CVE-2018-14242
CVE-2018-14242 is a type-confusion remote code execution vulnerability in Foxit Reader, fixed by updates after Foxit Reader 9.2.0.9097. The flaw resides in the addField method and can be triggered by JavaScript actions on a malicious page or file, requiring user interaction. Impact is arbitrary c...
CVE-2018-14266
CVE-2018-14266 affects Foxit Reader (notably 9.0.1.1049 and earlier) and is caused by a flaw in the importDataObject method that leads to a type confusion. An attacker can trigger this remotely by convincing a user to visit a malicious page or open a malicious file, initiating remote code executi...
CVE-2018-14271
The CVE-2018-14271 entry describes a type-confusion remote code execution in Foxit Reader, caused by the removeField method. The flaw allows code execution in the current process context and requires user interaction (visiting a malicious page or opening a malicious file). Affected products inclu...
CVE-2018-14283
CVE-2018-14283 affects Foxit Reader (Windows) versions older than 9.2.0.9097. The flaw is in the highlightMode attribute and stems from not validating the existence of an object before performing operations on it, leading to a use-after-free condition that enables remote code execution under the ...
CVE-2018-14297
CVE-2018-14297 affects Foxit Reader (and Foxit PhantomPDF in some listings). The vulnerability is a use-after-free in the processing of FreeText annotations, where manipulating a document’s elements can cause a freed pointer to be reused, enabling remote code execution. Exploitation requires user...
CVE-2018-19344
The CVE-2018-19344 entry concerns Foxit Reader 9.3.0.10826 with the u3d plugin 9.3.0.10809 (plugins\U3DBrowser.fpi). The affected component is the U3D parser in FoxitReader.exe; the root cause is an out-of-bounds read triggered by a U3D sample, leading to a denial of service and potential informa...
CVE-2018-19388
Foxit Reader 9.3.0.10826 (FoxitReader.exe) is affected by a DoS vulnerability triggered by TIFF data due to a ConvertToPDF_x86!ReleaseFXURLToHtml issue, leading to out-of-bounds read, access violation, and application crash. The issue is described across multiple sources (NVD, CNVD, CVE records) ...
CVE-2018-9937
Foxit Reader 9.0.0.29935 is affected by a vulnerability in the XFA subform parsing that can lead to remote code execution via type confusion when a user opens a malicious page or file. The flaw arises from improper validation of user-supplied data in subform elements, allowing an attacker to run ...
CVE-2018-9952
The CVE-2018-9952 vulnerability affects Foxit Reader 9.0.1.1049 and is due to improper validation when handling XFA Button elements, specifically when setting the formattedValue attribute, allowing an attacker to execute code under the current process. Exploitation requires user interaction (visi...
CVE-2018-9965
Foxit Reader 9.0.1.1049 is affected by a Link.setAction vulnerability that allows remote code execution via crafted user interaction. The flaw arises from not validating an object’s existence before operations, enabling code execution in the current process. Exploitation details are associated wi...
CVE-2018-9977
The CVE-2018-9977 issue affects Foxit Reader 9.0.0.29935 and is caused by a parsing flaw in Modifier Chain objects within U3D files, where the software does not validate the existence of an object before performing operations. This leads to remote code execution with the attacker’s code running i...
CVE-2021-27266
CVE-2021-27266 affects Foxit PhantomPDF 10.1.0.37527. The issue arises from improper validation in the handling of U3D objects embedded in PDF files, leading to an out-of-bounds read (read past end of an allocated object). An attacker can leverage this in conjunction with other vulnerabilities to...
CVE-2012-4759
CVE-2012-4759 describes an untrusted search path vulnerability in Foxit Reader’s Facebook plug-in (facebook_plugin.fpi). A local attacker could gain privileges by placing a Trojan horse dwmapi.dll in the current working directory while Foxit Reader 5.3.1.0606 is running, as demonstrated by a dire...
CVE-2017-10957
CVE-2017-10957 affects Foxit Reader 8.3.1.21155. The flaw is in the arrowEnd attribute of Annotation objects, arising from not validating the existence of an object before operating on it, enabling remote code execution in the current process. Exploitation requires user interaction (visiting a ma...
CVE-2017-14832
The CVE-2017-14832 issue affects Foxit Reader 8.3.1.21155, where the style attribute of Caret Annotation objects can be exploited to execute arbitrary code. The root cause is the failure to validate the existence of an object before performing operations on it, enabling remote code execution when...
CVE-2017-16580
CVE-2017-16580 affects Foxit Reader 8.3.2.25013 where the ImageField node in XFA forms mishandles user-supplied data, causing an out-of-bounds/read past end vulnerability. The issue enables remote information disclosure and can be leveraged in conjunction with other flaws to execute code in the p...
CVE-2018-10486
Foxit Reader 9.0.0.29935 is affected by an out-of-bounds read in the U3D Image Index parsing, allowing remote disclosure of sensitive information. The issue arises from improper validation of user-supplied data and requires user interaction (visiting a malicious page or opening a malicious file)....
CVE-2018-10489
Affected software: Foxit Reader 9.0.0.29935. Vulnerability: U3D Clod Progressive Mesh Declaration parsing flaw leading to an out-of-bounds write. Root cause: Lack of proper validation of user-supplied data in the U3D Mesh Declaration parsing, causing a write past the end of an allocated structure...
CVE-2018-11620
CVE-2018-11620 affects Foxit Reader (up to version 9.0.1.1049) with an out-of-bounds read in ConvertToPDF_x86.dll caused by insufficient validation of user-supplied data. This can disclose sensitive information and, in conjunction with other vulnerabilities, may enable arbitrary code execution in...
CVE-2018-14251
Foxit Reader CVE-2018-14251 is a type-confusion remote code execution affecting Foxit Reader 9.0.1.1049. The flaw occurs in getDataObject and can be triggered via actions in JavaScript after the user visits a malicious page or opens a malicious file, enabling code execution in the current process...
CVE-2018-14296
Foxit Reader Circle Annotation use-after-free remote-code-execution vulnerability (CVE-2018-14296) affects Foxit Reader 9.0.1.5096 and earlier; exploits require user interaction (open a malicious file/page). The flaw lies in processing Circle annotations, where a pointer can be reused after free,...
CVE-2018-9936
Foxit Reader 9.0.0.29935 is affected by a vulnerability in the parsing of XFA field elements that causes a type confusion condition. The issue allows remote code execution under the current process context and requires user interaction (visiting a malicious page or opening a malicious file). This...
CVE-2018-9976
CVE-2018-9976 affects Foxit Reader 9.0.0.29935. The vulnerability is an out-of-bounds read during parsing of Texture objects in U3D files caused by insufficient validation of user-supplied data, leading to potential disclosure of sensitive information. It requires user interaction (visiting a mal...
CVE-2018-9983
Foxit Reader 9.0.0.29935 is affected by an out-of-bounds read in the U3D parsing path. The issue stems from insufficient validation of user-supplied data, leading to potential disclosure of sensitive information. Exploitation requires user interaction (visiting a malicious page or opening a malic...
CVE-2023-35985
CVE-2023-35985 affects Foxit Reader 12.1.3.15356. The vulnerability is in the Javascript exportDataObject API, caused by a failure to properly validate a dangerous extension, enabling an attacker to create files at arbitrary locations. This can lead to arbitrary code execution. Exploitation requi...