Lucene search
+L
FoxitsoftwareFoxit Reader

372 matches found

CVE
CVE
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14293

CVE-2018-14293 affects Foxit Reader 9.1.0.5096 and earlier, where parsing of PDF documents can trigger a use-after-free in the PDF handling code, allowing remote code execution when a user opens a malicious file or visits a malicious page. The vulnerability requires user interaction and executes ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14298

CVE-2018-14298 affects Foxit Reader up to 9.0.1.5096 (Windows). The flaw is a use-after-free in Ink annotations processing, allowing arbitrary code execution when a user opens a poisoned document or visits a malicious page. Root cause: pointer reuse after free during document element manipulation...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14307

CVE-2018-14307 affects Foxit Reader (e.g., 9.0.1.5096; CNVD lists 9.1.0.5096 and earlier) due to a use-after-free in the processing of Link objects, enabling remote code execution after user opens a malicious page/file. Exploitation requires user interaction. Related advisories (ZDI-18-767; OpenV...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14310

CVE-2018-14310 affects Foxit Reader (and related Foxit products) with a use-after-free in event handling that fails to validate the existence of an object before operating on it. Exploitation can allow remote code execution with user interaction required (visiting a malicious page or opening a ma...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14313

CVE-2018-14313 affects Foxit Reader (pre-9.2.0.9097) with a type-confusion vulnerability in PDF handling that enables remote code execution. The issue requires user interaction (visit a malicious page or open a malicious file) and can allow code execution in the current process. Related advisorie...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14314

CVE-2018-14314 affects Foxit Reader 9.0.1.5096. The flaw is in the handling of annotations where the software fails to validate the existence of an object before operating on it, allowing remote attackers to execute arbitrary code in the current process. Exploitation requires user interaction (vi...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/11/17 9:0 p.m.57 views

CVE-2018-19341

The CVE-2018-19341 issue affects Foxit Reader 9.3.0.10826 with the u3d plugin 9.3.0.10809 (plugins\U3DBrowser.fpi). A U3D sample can cause a denial of service (out-of-bounds read) and possible information disclosure due to a Read Access Violation near NULL in FoxitReader!std::basic_ostream >::...

7.1CVSS7.2AI score0.01653EPSS
CVE
CVE
added 2018/11/17 9:0 p.m.57 views

CVE-2018-19343

Foxit Reader CVE-2018-19343 affects the u3d plugin in FoxitReader.exe (Foxit Reader 9.3.0.10826) where the u3d plugin 9.3.0.10809 can trigger an out-of-bounds read via a U3D sample, potentially causing a denial of service and information disclosure. The issue is tied to Data from Faulting Address...

7.1CVSS8AI score0.01653EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.57 views

CVE-2018-9942

The CVE-2018-9942 entry concerns Foxit Reader (v9.0.0.29935) and the XFA record removal path. The connected sources confirm a type-confusion vulnerability that enables remote code execution in the context of the current process. Exploitation requires user interaction (visiting a malicious page or...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.57 views

CVE-2018-9951

Foxit Reader 9.0.0.29935 is affected by CVE-2018-9951, a CPDF_Object handling flaw that lacks validation of object existence, enabling remote code execution under the current process context. Exploit requires user interaction (visiting a malicious page or opening a malicious file). The issue is d...

8.8CVSS8.8AI score0.04836EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.57 views

CVE-2018-9955

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9955. The vulnerability resides in the XFA Button resolveNode method and is due to not validating the existence of an object before performing operations, enabling remote code execution under the current process when a user opens a malicious file/pa...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.57 views

CVE-2018-9970

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9970 due to a bug in the XFA execEvent method of Button elements. The vulnerability arises from failing to validate the existence of an object before performing operations, enabling remote code execution when a user opens a malicious file or visits ...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.57 views

CVE-2018-9971

Foxit Reader 9.0.1.104 is affected by a vulnerability in ConvertToPDF_x86.dll that allows remote disclosure of sensitive information due to an out-of-bounds read (read past the end of an allocated object) caused by insufficient input validation. The issue can be exploited by convincing a user to ...

6.5CVSS6.5AI score0.02894EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.57 views

CVE-2019-6752

Foxit PhantomPDF flaw CVE-2019-6752: in Foxit PhantomPDF 9.3.10826, parsing of PDF documents allows read past end of an allocated object, enabling information disclosure. Remote attacker must persuade target to open a malicious page/file and may leverage this with other vulnerabilities to execute...

5.5CVSS5.4AI score0.02551EPSS
CVE
CVE
added 2020/10/02 8:1 a.m.57 views

CVE-2020-26539

Foxit Reader and PhantomPDF (before v10.1) contain a use-after-free condition triggered by a multiple interpretation error for /V in the Additional Action and Field dictionaries, enabling remote code execution or an information leak. The issue is documented in CVE-2020-26539 with CVSS scores indi...

9.8CVSS9.6AI score0.02232EPSS
CVE
CVE
added 2021/03/30 2:35 p.m.57 views

CVE-2021-27267

CVE-2021-27267 — Foxit PhantomPDF 10.1.0.37527 is affected by a vulnerability in the handling of U3D objects in PDF files. The flaw arises from not validating the existence of a target object before performing operations on it, which can allow an attacker to execute arbitrary code in the context ...

7.8CVSS7.8AI score0.02491EPSS
CVE
CVE
added 2011/06/24 8:0 p.m.56 views

CVE-2011-1908

CVE-2011-1908 is a Foxit Reader vulnerability: an integer overflow in the FreeType engine’s Type 1 font decoder allows remote code execution or a denial of service when processing a crafted font inside a PDF. The issue affects Foxit Reader prior to version 4.0.0.0619. Multiple sources corroborate...

9.3CVSS8AI score0.0498EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.56 views

CVE-2017-10956

CVE-2017-10956 affects Foxit Reader 8.3.1.21155. The vulnerability is an out-of-bounds read in the tile index member of SOT markers due to insufficient validation of user-supplied data, allowing disclosure of sensitive information. Remote attackers can trigger via a malicious page or file, and it...

6.5CVSS7.2AI score0.02456EPSS
CVE
CVE
added 2017/03/14 9:2 a.m.56 views

CVE-2017-6883

The CVE-2017-6883 issue affects Foxit Reader (before 8.2.1) and Foxit PhantomPDF (before 8.2.1) on Windows, via the ConvertToPDF plugin when gflags is enabled. A crafted TIFF image can trigger an out-of-bounds read, causing application crash and potential information disclosure; attacker could le...

4.7CVSS6.7AI score0.03378EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.56 views

CVE-2018-14242

CVE-2018-14242 is a type-confusion remote code execution vulnerability in Foxit Reader, fixed by updates after Foxit Reader 9.2.0.9097. The flaw resides in the addField method and can be triggered by JavaScript actions on a malicious page or file, requiring user interaction. Impact is arbitrary c...

8.8CVSS8.8AI score0.02882EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.56 views

CVE-2018-14266

CVE-2018-14266 affects Foxit Reader (notably 9.0.1.1049 and earlier) and is caused by a flaw in the importDataObject method that leads to a type confusion. An attacker can trigger this remotely by convincing a user to visit a malicious page or open a malicious file, initiating remote code executi...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.56 views

CVE-2018-14271

The CVE-2018-14271 entry describes a type-confusion remote code execution in Foxit Reader, caused by the removeField method. The flaw allows code execution in the current process context and requires user interaction (visiting a malicious page or opening a malicious file). Affected products inclu...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.56 views

CVE-2018-14276

Foxit Reader vulnerability CVE-2018-14276 arises from a type confusion in the submitForm method that allows remote code execution when a user visits a crafted page or opens a malicious file. The issue affects Foxit Reader (e.g., versions around 9.0.x), with escalation in the current advisories in...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.56 views

CVE-2018-14283

CVE-2018-14283 affects Foxit Reader (Windows) versions older than 9.2.0.9097. The flaw is in the highlightMode attribute and stems from not validating the existence of an object before performing operations on it, leading to a use-after-free condition that enables remote code execution under the ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.56 views

CVE-2018-14297

CVE-2018-14297 affects Foxit Reader (and Foxit PhantomPDF in some listings). The vulnerability is a use-after-free in the processing of FreeText annotations, where manipulating a document’s elements can cause a freed pointer to be reused, enabling remote code execution. Exploitation requires user...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/11/17 9:0 p.m.56 views

CVE-2018-19344

The CVE-2018-19344 entry concerns Foxit Reader 9.3.0.10826 with the u3d plugin 9.3.0.10809 (plugins\U3DBrowser.fpi). The affected component is the U3D parser in FoxitReader.exe; the root cause is an out-of-bounds read triggered by a U3D sample, leading to a denial of service and potential informa...

7.1CVSS7.2AI score0.01653EPSS
CVE
CVE
added 2018/11/20 9:0 p.m.56 views

CVE-2018-19388

Foxit Reader 9.3.0.10826 (FoxitReader.exe) is affected by a DoS vulnerability triggered by TIFF data due to a ConvertToPDF_x86!ReleaseFXURLToHtml issue, leading to out-of-bounds read, access violation, and application crash. The issue is described across multiple sources (NVD, CNVD, CVE records) ...

5.5CVSS6.1AI score0.02171EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.56 views

CVE-2018-9937

Foxit Reader 9.0.0.29935 is affected by a vulnerability in the XFA subform parsing that can lead to remote code execution via type confusion when a user opens a malicious page or file. The flaw arises from improper validation of user-supplied data in subform elements, allowing an attacker to run ...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.56 views

CVE-2018-9952

The CVE-2018-9952 vulnerability affects Foxit Reader 9.0.1.1049 and is due to improper validation when handling XFA Button elements, specifically when setting the formattedValue attribute, allowing an attacker to execute code under the current process. Exploitation requires user interaction (visi...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.56 views

CVE-2018-9965

Foxit Reader 9.0.1.1049 is affected by a Link.setAction vulnerability that allows remote code execution via crafted user interaction. The flaw arises from not validating an object’s existence before operations, enabling code execution in the current process. Exploitation details are associated wi...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2021/03/30 2:35 p.m.56 views

CVE-2021-27266

CVE-2021-27266 affects Foxit PhantomPDF 10.1.0.37527. The issue arises from improper validation in the handling of U3D objects embedded in PDF files, leading to an out-of-bounds read (read past end of an allocated object). An attacker can leverage this in conjunction with other vulnerabilities to...

4.3CVSS3.8AI score0.02187EPSS
CVE
CVE
added 2011/09/27 7:0 p.m.55 views

CVE-2011-3691

Foxit Reader before 5.0.2.0718 is affected by an untrusted search path vulnerability that allows local users to gain privileges by placing Trojan horse DLLs (dwmapi.dll, dwrite.dll, or msdrm.dll) in the current working directory. Multiple sources (NVD, Red Hat, CVE listing, and Nessus plugin) cor...

9.3CVSS6.7AI score0.01083EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.55 views

CVE-2017-10957

CVE-2017-10957 affects Foxit Reader 8.3.1.21155. The flaw is in the arrowEnd attribute of Annotation objects, arising from not validating the existence of an object before operating on it, enabling remote code execution in the current process. Exploitation requires user interaction (visiting a ma...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.55 views

CVE-2017-16580

CVE-2017-16580 affects Foxit Reader 8.3.2.25013 where the ImageField node in XFA forms mishandles user-supplied data, causing an out-of-bounds/read past end vulnerability. The issue enables remote information disclosure and can be leveraged in conjunction with other flaws to execute code in the p...

6.5CVSS7.2AI score0.02456EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.55 views

CVE-2018-10486

Foxit Reader 9.0.0.29935 is affected by an out-of-bounds read in the U3D Image Index parsing, allowing remote disclosure of sensitive information. The issue arises from improper validation of user-supplied data and requires user interaction (visiting a malicious page or opening a malicious file)....

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.55 views

CVE-2018-10489

Affected software: Foxit Reader 9.0.0.29935. Vulnerability: U3D Clod Progressive Mesh Declaration parsing flaw leading to an out-of-bounds write. Root cause: Lack of proper validation of user-supplied data in the U3D Mesh Declaration parsing, causing a write past the end of an allocated structure...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.55 views

CVE-2018-11620

CVE-2018-11620 affects Foxit Reader (up to version 9.0.1.1049) with an out-of-bounds read in ConvertToPDF_x86.dll caused by insufficient validation of user-supplied data. This can disclose sensitive information and, in conjunction with other vulnerabilities, may enable arbitrary code execution in...

6.5CVSS6.8AI score0.02629EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.55 views

CVE-2018-14251

Foxit Reader CVE-2018-14251 is a type-confusion remote code execution affecting Foxit Reader 9.0.1.1049. The flaw occurs in getDataObject and can be triggered via actions in JavaScript after the user visits a malicious page or opens a malicious file, enabling code execution in the current process...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.55 views

CVE-2018-14270

CVE-2018-14270 = Foxit Reader remote code execution via removeDataObject type confusion. Affected: Foxit Reader 9.0.1.1049 (and older) with the vulnerability triggered by JavaScript actions on a malicious page or file; requires user interaction. Root cause is a type confusion in removeDataObject ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.55 views

CVE-2018-14294

CVE-2018-14294 affects Foxit Reader; vulnerable component is the processing of FileAttachment annotations. An attacker can craft a document to trigger a use-after-free, enabling remote code execution in the current process after user opens a malicious file or visits a malicious page. Impact is re...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.55 views

CVE-2018-9957

The CVE-2018-9957 issue affects Foxit Reader 9.0.1.1049. It stems from the handling of XFA Button elements: during parsing of arguments passed to the resetData method, the code does not properly validate the existence of an object before performing operations, enabling a remote attacker to execut...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.55 views

CVE-2018-9976

CVE-2018-9976 affects Foxit Reader 9.0.0.29935. The vulnerability is an out-of-bounds read during parsing of Texture objects in U3D files caused by insufficient validation of user-supplied data, leading to potential disclosure of sensitive information. It requires user interaction (visiting a mal...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.55 views

CVE-2018-9977

The CVE-2018-9977 issue affects Foxit Reader 9.0.0.29935 and is caused by a parsing flaw in Modifier Chain objects within U3D files, where the software does not validate the existence of an object before performing operations. This leads to remote code execution with the attacker’s code running i...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2011/02/25 6:0 p.m.54 views

CVE-2011-0332

CVE-2011-0332 affects Foxit Reader prior to 4.3.1.0218 and Foxit Phantom prior to 2.3.3.1112. The issue is an ICC parsing integer overflow that can trigger a heap-based buffer overflow via crafted ICC chunks in a PDF, enabling remote code execution. Multiple connected sources (NVD/NIST entry, Ope...

9.3CVSS8.2AI score0.06189EPSS
CVE
CVE
added 2012/09/06 10:0 a.m.54 views

CVE-2012-4759

CVE-2012-4759 describes an untrusted search path vulnerability in Foxit Reader’s Facebook plug-in (facebook_plugin.fpi). A local attacker could gain privileges by placing a Trojan horse dwmapi.dll in the current working directory while Foxit Reader 5.3.1.0606 is running, as demonstrated by a dire...

6.9CVSS6.7AI score0.00864EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.54 views

CVE-2017-14832

The CVE-2017-14832 issue affects Foxit Reader 8.3.1.21155, where the style attribute of Caret Annotation objects can be exploited to execute arbitrary code. The root cause is the failure to validate the existence of an object before performing operations on it, enabling remote code execution when...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.54 views

CVE-2018-10491

Foxit Reader 9.0.0.29935 is affected by CVE-2018-10491 due to an out-of-bounds write in the parsing of U3D Bone Weight Modifier structures, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The vulnerability context is ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.54 views

CVE-2018-14263

Foxit Reader (and Foxit PhantomPDF) are affected by a getVersionID type-confusion vulnerability that allows remote code execution when a user visits a malicious page or opens a malicious file. The flaw is triggered by JavaScript actions and runs with the current process context; exploitation requ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.54 views

CVE-2018-14296

Foxit Reader Circle Annotation use-after-free remote-code-execution vulnerability (CVE-2018-14296) affects Foxit Reader 9.0.1.5096 and earlier; exploits require user interaction (open a malicious file/page). The flaw lies in processing Circle annotations, where a pointer can be reused after free,...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.54 views

CVE-2018-14301

Foxit Reader is affected by a Sound annotations use-after-free remote code execution vulnerability (CVE-2018-14301). Exploitation requires user interaction (visiting a malicious page or opening a crafted file) and can lead to arbitrary code execution in the context of the current process. The fla...

8.8CVSS8.8AI score0.02773EPSS
Total number of security vulnerabilities372