Lucene search
+L
FoxitsoftwareFoxit Reader

372 matches found

CVE
CVE
added 2018/07/31 8:0 p.m.54 views

CVE-2018-14301

Foxit Reader is affected by a Sound annotations use-after-free remote code execution vulnerability (CVE-2018-14301). Exploitation requires user interaction (visiting a malicious page or opening a crafted file) and can lead to arbitrary code execution in the context of the current process. The fla...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.54 views

CVE-2018-14305

CVE-2018-14305 affects Foxit Reader (notably 9.0.1.5096) and allows remote code execution via manipulation of PolyLine annotations during document processing. The flaw is a use-after-free in the annotation handling, exploitable when a user opens a malicious file or visits a malicious page, with u...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.54 views

CVE-2018-9983

Foxit Reader 9.0.0.29935 is affected by an out-of-bounds read in the U3D parsing path. The issue stems from insufficient validation of user-supplied data, leading to potential disclosure of sensitive information. Exploitation requires user interaction (visiting a malicious page or opening a malic...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2020/10/02 8:1 a.m.54 views

CVE-2020-26536

Foxit Reader and PhantomPDF prior to 10.1 are affected by CVE-2020-26536 due to a NULL pointer dereference triggered by a crafted PDF document. The publicly documented impact is a crash (availability impact), with CVSS indicating a LOCAL exploit requiring user interaction (per NVIDIA/3.1 metrics)...

5.5CVSS5.4AI score0.00918EPSS
CVE
CVE
added 2021/03/30 2:35 p.m.54 views

CVE-2021-27265

CVE-2021-27265 affects Foxit PhantomPDF 10.1.0.37527. The flaw arises from improper validation in the handling of U3D objects in PDF files, causing an out-of-bounds read (read past end of an allocated object). Exploitation requires user interaction (target visits a malicious page or opens a malic...

4.3CVSS3.8AI score0.02023EPSS
CVE
CVE
added 2021/08/11 7:28 p.m.54 views

CVE-2021-33794

CVE-2021-33794 affects Foxit Reader and PhantomPDF before 10.1.4. The issue arises from mishandling the Tab key during XFA form interactions, leading to information disclosure or an application crash. Reported across multiple sources (NVD, Red Hat, CVE catalogs, and regional bulletins) with impac...

9.1CVSS8.7AI score0.01105EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.53 views

CVE-2017-14824

CVE-2017-14824 affects Foxit Reader 8.3.1.21155 (XFAScriptObject insert) where improper validation of user-supplied data can cause a type confusion, enabling remote code execution. The vulnerability requires user interaction (malicious page or file) and allows code execution with the current proc...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.53 views

CVE-2018-10487

Foxit Reader 9.0.0.29935 is affected by CVE-2018-10487 due to an out-of-bounds read while parsing U3D files embedded in PDFs. The flaw stems from improper validation of user-supplied data, allowing a read past the end of an allocated object and resulting in information disclosure. Exploitation re...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.53 views

CVE-2018-10488

CVE-2018-10488 affects Foxit Reader 9.0.0.29935. The issue is a heap-based buffer overflow in parsing U3D Texture Width structures caused by insufficient validation of user-supplied data, allowing remote code execution when a user visits a malicious page or opens a malicious file. Exploitation re...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.53 views

CVE-2018-10492

This CVE affects Foxit Reader 9.0.0.29935, with an out-of-bounds read vulnerability in the U3D Clod Progressive Mesh Continuation parsing that allows remote information disclosure. Exploitation requires user interaction (the target must open a malicious page or file). The issue stems from insuffi...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.53 views

CVE-2018-14241

CVE-2018-14241 affects Foxit Reader (9.0.1.1049) and is a type-confusion/remote code execution flaw in the addAnnot method. Exploitation requires user interaction (the target visits a malicious page or opens a malicious file); an attacker can trigger the type confusion via JavaScript to execute c...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.53 views

CVE-2018-14245

CVE-2018-14245 affects Foxit Reader (e.g., version 9.0.1.1049) and is caused by a type confusion in the closeDoc method. An attacker can trigger remote code execution by convincing a user to open a malicious page or file, with user interaction required. Documented advisories (ZDI-18-705 and relat...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.53 views

CVE-2018-14274

CVE-2018-14274 affects Foxit Reader (notably 9.0.1.1049 in the NVD entry). The flaw is a type confusion in the scroll method that can be triggered via JavaScript actions, enabling remote code execution under the current process when a user visits a malicious page or opens a malicious file. Multip...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.53 views

CVE-2018-14282

CVE-2018-14282 affects Foxit Reader prior to 9.2.0.9097. The vulnerability is a FlateDecode stream handling issue caused by an uninitialized pointer, enabling remote code execution under the current process when a user opens a malicious file or visits a malicious page. Exploitation requires user ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/11/17 9:0 p.m.53 views

CVE-2018-19347

The CVE-2018-19347 issue affects Foxit Reader 9.3.0.10826 via the u3d plugin (U3DBrowser.fpi) in FoxitReader.exe; the root cause is an out-of-bounds read triggered by a U3D sample, where Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11bb. Imp...

7.1CVSS7.2AI score0.01653EPSS
CVE
CVE
added 2018/11/20 9:0 p.m.53 views

CVE-2018-19390

Foxit Reader CVE-2018-19390 affects Foxit Reader 9.3.0.10826. A vulnerability in ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification allows a remote attacker to trigger a denial of service (application crash) by processing TIFF data. The DoS impact is noted in sources refere...

5.5CVSS6.1AI score0.02171EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.53 views

CVE-2018-9935

Foxit Reader 8.3.2.25013 is affected by a remote code execution vulnerability in the addField method. The root cause is failing to validate the existence of an object before operating on it, leading to potential code execution under the current process context. Public sources (ZDI-18-319) describ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.53 views

CVE-2018-9936

Foxit Reader 9.0.0.29935 is affected by a vulnerability in the parsing of XFA field elements that causes a type confusion condition. The issue allows remote code execution under the current process context and requires user interaction (visiting a malicious page or opening a malicious file). This...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.53 views

CVE-2018-9979

Foxit Reader 9.0.0.29935 is affected by a vulnerability in parsing Texture Continuation objects in U3D files that can disclose sensitive information. The root cause is improper validation of user-supplied data, leading to a read past the end of an allocated object. Exploitation requires user inte...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2019/01/03 11:0 p.m.53 views

CVE-2019-5005

CVE-2019-5005 affects Foxit Reader and PhantomPDF for Windows, prior to version 9.4. The vulnerability is a memory corruption issue where two bytes are written to the end of allocated memory without ensuring it won’t cause corruption, leading to a possible denial of service (application crash). T...

5.5CVSS5.9AI score0.01269EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.52 views

CVE-2018-10475

Foxit Reader 9.0.0.29935 is affected by an out-of-bounds read in the parsing of U3D Light Node structures. The flaw, caused by insufficient validation, can disclose sensitive information on the current system. Exploitation requires user interaction (visiting a malicious page or opening a maliciou...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/11/20 9:0 p.m.52 views

CVE-2018-19389

CVE-2018-19389 affects Foxit Reader 9.3.0.10826, where FoxitReader.exe is vulnerable via BMP data due to the ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue. This allows remote attackers to cause a denial of service (break/exception and application crash). The vuln...

5.5CVSS6.1AI score0.02009EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.52 views

CVE-2018-9959

CVE-2018-9959 affects Foxit Reader 9.0.1.1049. The flaw is in parsing the pageNum document attribute, caused by failing to validate object existence before performing operations. This enables remote code execution with user interaction (target must open a malicious page or file), executing code i...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.52 views

CVE-2021-31445

CVE-2021-31445 describes a buffer/read-out-of-bounds in Foxit Reader 10.1.1.37576 related to handling of U3D objects in PDFs. The flaw arises from insufficient validation of user-supplied data, enabling a read past the end of an allocated object. An attacker could leverage this, in conjunction wi...

4.3CVSS3.4AI score0.02023EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.52 views

CVE-2021-31446

Foxit Reader 10.1.1.37576 is affected by CVE-2021-31446 due to an out-of-bounds read in the handling of U3D objects embedded in PDF files. The flaw arises from insufficient validation of data, enabling a read past the end of an allocated object. Exploitation requires user interaction (the target ...

4.3CVSS3.4AI score0.02682EPSS
CVE
CVE
added 2023/11/27 3:25 p.m.52 views

CVE-2023-41257

CVE-2023-41257 is a type-confusion vulnerability in Foxit Reader/Foxit PDF Editor (versions around 12.1.2.15356) where field value properties can be mishandled. A specially crafted Javascript code within a malicious PDF (or a crafted site when the browser plugin is enabled) can trigger memory cor...

8.8CVSS8.8AI score0.01627EPSS
CVE
CVE
added 2017/05/03 5:13 a.m.51 views

CVE-2017-8455

Foxit Reader and Foxit PhantomPDF (prior to 8.2.1) are affected by an out-of-bounds read triggered by a crafted font in a PDF, potentially revealing sensitive data or allowing arbitrary code execution. Impact is remote code execution or information disclosure in the context of the vulnerable proc...

7.8CVSS8.4AI score0.04079EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.51 views

CVE-2018-10476

Foxit Reader 9.0.0.29935 is affected by an information-disclosure vulnerability in the U3D Model Node parsing. The issue stems from improper validation of user-supplied data, causing a read past the end of an allocated structure (out-of-bounds read). An attacker can leverage this by convincing a ...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.51 views

CVE-2018-10477

Foxit Reader 9.0.0.29935 is affected by CVE-2018-10477 due to a parsing flaw in U3D Chain Index objects. The issue allows remote code execution via a malicious page or file, requiring user interaction, and is due to improper validation that can cause a write past the end of an allocated object. T...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.51 views

CVE-2018-10478

Foxit Reader 9.0.0.29935 is affected by an information-disclosure vulnerability in the parsing of U3D Texture Coord Dimensions objects. The flaw stems from insufficient validation of user-supplied data, which can cause a read past the end of an allocated object. Exploitation requires user interac...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.51 views

CVE-2018-14269

The CVE-2018-14269 issue is a type confusion vulnerability in Foxit Reader’s print method that allows remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and JavaScript actions trigger the fault, executing code in the current proce...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.51 views

CVE-2018-14273

CVE-2018-14273 affects Foxit Reader (and related Foxit products) with a type confusion in the removeTemplate method that enables remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The flaw allows code execution in the context of ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.51 views

CVE-2018-14306

CVE-2018-14306 affects Foxit Reader (and Foxit PhantomPDF) prior to 9.2.0.9097. A use-after-free in the handling/processing of button objects (pointer reuse after free) can be triggered when a user visits a malicious page or opens a malicious file, allowing remote code execution under the process...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.51 views

CVE-2018-9953

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9953. The vulnerability lies in the XFA resolveNodes method of Button elements, where code executes without validating the existence of an object before performing operations. This allows remote code execution with the current process context and re...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.51 views

CVE-2018-9956

Foxit Reader 9.0.1.1049 is affected by a remote code execution vulnerability in the XFA Button handling. The flaw occurs when setting the title attribute; the code path does not validate the existence of an object before performing operations, enabling an attacker to execute code in the process c...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.51 views

CVE-2018-9961

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9961. The vulnerability stems from the parsing of the Field rect attribute, due to not validating the existence of an object before performing operations, enabling remote code execution in the current process when a user opens a malicious file or vi...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.51 views

CVE-2018-9972

This CVE (CVE-2018-9972) affects Foxit Reader 9.0.1.1049. The vulnerability stems from ConvertToPDF_x86.dll where improper validation of user-supplied data can cause a read past the end of an allocated object. This can lead to information disclosure and, in combination with other vulnerabilities,...

6.5CVSS6.5AI score0.02894EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.51 views

CVE-2021-31442

Foxit Reader 10.1.1.37576 is affected by CVE-2021-31442. The vulnerability stems from improper validation in the handling of U3D objects within PDF files, causing a write past the end of an allocated data structure. This allows remote code execution with the attacker’s code running in the context...

7.8CVSS7.8AI score0.02819EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.50 views

CVE-2018-10485

CVE-2018-10485 affects Foxit Reader 9.0.0.29935. The vulnerability is an out-of-bounds read in the U3D Texture Height structures caused by insufficient validation of user-supplied data, allowing a remote attacker to disclose sensitive information. Exploitation requires user interaction (visiting ...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.50 views

CVE-2018-14244

Foxit Reader is affected by CVE-2018-14244 (also listed in ZDI as ZDI-18-704). The flaw is a type-confusion in the calculateNow method, exploitable via JavaScript actions that trigger the vulnerability and lead to remote code execution. Exploitation requires user interaction (visiting a malicious...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.50 views

CVE-2018-14249

CVE-2018-14249 is a type-confusion remote code execution in Foxit Reader’s exportDataObject method. Affected product: Foxit Reader (9.0.1.1049) with exploitation requiring user interaction (malicious page or file) via JavaScript to trigger the flaw. Documents also reference a broader set of relat...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.50 views

CVE-2018-14284

Foxit Reader CVE-2018-14284 affects Foxit Reader 9.0.1.1049 and is rooted in the newDoc function: the code fails to verify the existence of an object before operating on it, enabling remote code execution with user interaction. The vulnerability has been discussed in multiple advisories (ZDI-18-7...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.50 views

CVE-2018-9939

Foxit Reader 9.0.0.29935 is affected by a Type Confusion in the XFA layout handling that could allow remote code execution. The flaw arises from improper validation of user-supplied data, enabling an attacker to run code in the current process context after the target views a malicious page or fi...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.50 views

CVE-2018-9949

CVE-2018-9949 affects Foxit Reader 9.0.0.29935. The issue is a TIFF parsing heap-based buffer overflow caused by insufficient validation of user-supplied data length, allowing remote code execution with the current process context. Exploitation requires user interaction (visiting a malicious page...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.50 views

CVE-2018-9960

CVE-2018-9960 affects Foxit Reader 9.0.1.1049. The vulnerability stems from the parsing of the textColor Field attribute where the code fails to validate the existence of an object before performing operations, allowing remote code execution under the current process. Exploitation requires user i...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.50 views

CVE-2018-9974

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9974. The issue lies in ConvertToPDF_x86.dll where improper validation of the length of user-supplied data to a heap-based buffer allows remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious ...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.50 views

CVE-2018-9978

Foxit Reader 9.0.0.29935 is affected by an information-disclosure vulnerability in the U3D parsing code. The issue is an out-of-bounds read caused by improper validation of user-supplied data, enabling remote disclosure when a user visits a malicious page or opens a malicious file. The vulnerabil...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2021/03/30 2:35 p.m.50 views

CVE-2021-27263

The CVE-2021-27263 entry describes an out-of-bounds read in Foxit PhantomPDF 10.1.0.37527 related to U3D object handling in PDFs. The flaw arises from insufficient validation of user-supplied data, enabling a read past the end of an allocated object and potential information disclosure. Exploitat...

4.3CVSS3.8AI score0.02899EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.49 views

CVE-2018-14315

CVE-2018-14315 affects Foxit Reader versions older than 9.2.0.9097, where the vulnerability lies in how annotations are handled. The flaw is due to not validating the existence of an object before performing operations, enabling remote code execution in the context of the current process when a u...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.49 views

CVE-2018-9946

Foxit Reader 9.0.0.29935 is affected by CVE-2018-9946 due to a setTimeOut handling flaw where code executes without validating the existence of an object before operations. This can disclose sensitive information; exploitation requires user interaction (visit a malicious page or open a malicious ...

6.5CVSS6.5AI score0.03EPSS
Total number of security vulnerabilities372