Lucene search
K
FoxitsoftwareFoxit Reader

372 matches found

CVE
CVE
added 2012/09/06 10:0 a.m.53 views

CVE-2012-4759

CVE-2012-4759 describes an untrusted search path vulnerability in Foxit Reader’s Facebook plug-in (facebook_plugin.fpi). A local attacker could gain privileges by placing a Trojan horse dwmapi.dll in the current working directory while Foxit Reader 5.3.1.0606 is running, as demonstrated by a dire...

6.9CVSS6.7AI score0.00864EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.53 views

CVE-2017-14832

The CVE-2017-14832 issue affects Foxit Reader 8.3.1.21155, where the style attribute of Caret Annotation objects can be exploited to execute arbitrary code. The root cause is the failure to validate the existence of an object before performing operations on it, enabling remote code execution when...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.53 views

CVE-2018-10492

This CVE affects Foxit Reader 9.0.0.29935, with an out-of-bounds read vulnerability in the U3D Clod Progressive Mesh Continuation parsing that allows remote information disclosure. Exploitation requires user interaction (the target must open a malicious page or file). The issue stems from insuffi...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.53 views

CVE-2018-14245

CVE-2018-14245 affects Foxit Reader (e.g., version 9.0.1.1049) and is caused by a type confusion in the closeDoc method. An attacker can trigger remote code execution by convincing a user to open a malicious page or file, with user interaction required. Documented advisories (ZDI-18-705 and relat...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.53 views

CVE-2018-14263

Foxit Reader (and Foxit PhantomPDF) are affected by a getVersionID type-confusion vulnerability that allows remote code execution when a user visits a malicious page or opens a malicious file. The flaw is triggered by JavaScript actions and runs with the current process context; exploitation requ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.53 views

CVE-2018-14282

CVE-2018-14282 affects Foxit Reader prior to 9.2.0.9097. The vulnerability is a FlateDecode stream handling issue caused by an uninitialized pointer, enabling remote code execution under the current process when a user opens a malicious file or visits a malicious page. Exploitation requires user ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/11/17 9:0 p.m.53 views

CVE-2018-19347

The CVE-2018-19347 issue affects Foxit Reader 9.3.0.10826 via the u3d plugin (U3DBrowser.fpi) in FoxitReader.exe; the root cause is an out-of-bounds read triggered by a U3D sample, where Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11bb. Imp...

7.1CVSS7.2AI score0.01653EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.53 views

CVE-2018-9936

Foxit Reader 9.0.0.29935 is affected by a vulnerability in the parsing of XFA field elements that causes a type confusion condition. The issue allows remote code execution under the current process context and requires user interaction (visiting a malicious page or opening a malicious file). This...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.53 views

CVE-2018-9976

CVE-2018-9976 affects Foxit Reader 9.0.0.29935. The vulnerability is an out-of-bounds read during parsing of Texture objects in U3D files caused by insufficient validation of user-supplied data, leading to potential disclosure of sensitive information. It requires user interaction (visiting a mal...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2019/01/03 11:0 p.m.53 views

CVE-2019-5005

CVE-2019-5005 affects Foxit Reader and PhantomPDF for Windows, prior to version 9.4. The vulnerability is a memory corruption issue where two bytes are written to the end of allocated memory without ensuring it won’t cause corruption, leading to a possible denial of service (application crash). T...

5.5CVSS5.9AI score0.01269EPSS
CVE
CVE
added 2017/12/20 2:0 p.m.52 views

CVE-2017-14824

CVE-2017-14824 affects Foxit Reader 8.3.1.21155 (XFAScriptObject insert) where improper validation of user-supplied data can cause a type confusion, enabling remote code execution. The vulnerability requires user interaction (malicious page or file) and allows code execution with the current proc...

8.8CVSS8.8AI score0.0259EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.52 views

CVE-2018-10475

Foxit Reader 9.0.0.29935 is affected by an out-of-bounds read in the parsing of U3D Light Node structures. The flaw, caused by insufficient validation, can disclose sensitive information on the current system. Exploitation requires user interaction (visiting a malicious page or opening a maliciou...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.52 views

CVE-2018-10487

Foxit Reader 9.0.0.29935 is affected by CVE-2018-10487 due to an out-of-bounds read while parsing U3D files embedded in PDFs. The flaw stems from improper validation of user-supplied data, allowing a read past the end of an allocated object and resulting in information disclosure. Exploitation re...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.52 views

CVE-2018-10488

CVE-2018-10488 affects Foxit Reader 9.0.0.29935. The issue is a heap-based buffer overflow in parsing U3D Texture Width structures caused by insufficient validation of user-supplied data, allowing remote code execution when a user visits a malicious page or opens a malicious file. Exploitation re...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.52 views

CVE-2018-14241

CVE-2018-14241 affects Foxit Reader (9.0.1.1049) and is a type-confusion/remote code execution flaw in the addAnnot method. Exploitation requires user interaction (the target visits a malicious page or opens a malicious file); an attacker can trigger the type confusion via JavaScript to execute c...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.52 views

CVE-2018-14274

CVE-2018-14274 affects Foxit Reader (notably 9.0.1.1049 in the NVD entry). The flaw is a type confusion in the scroll method that can be triggered via JavaScript actions, enabling remote code execution under the current process when a user visits a malicious page or opens a malicious file. Multip...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.52 views

CVE-2018-14301

Foxit Reader is affected by a Sound annotations use-after-free remote code execution vulnerability (CVE-2018-14301). Exploitation requires user interaction (visiting a malicious page or opening a crafted file) and can lead to arbitrary code execution in the context of the current process. The fla...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/11/20 9:0 p.m.52 views

CVE-2018-19390

Foxit Reader CVE-2018-19390 affects Foxit Reader 9.3.0.10826. A vulnerability in ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification allows a remote attacker to trigger a denial of service (application crash) by processing TIFF data. The DoS impact is noted in sources refere...

5.5CVSS6.1AI score0.02171EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.52 views

CVE-2018-9935

Foxit Reader 8.3.2.25013 is affected by a remote code execution vulnerability in the addField method. The root cause is failing to validate the existence of an object before operating on it, leading to potential code execution under the current process context. Public sources (ZDI-18-319) describ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.52 views

CVE-2018-9959

CVE-2018-9959 affects Foxit Reader 9.0.1.1049. The flaw is in parsing the pageNum document attribute, caused by failing to validate object existence before performing operations. This enables remote code execution with user interaction (target must open a malicious page or file), executing code i...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.52 views

CVE-2018-9979

Foxit Reader 9.0.0.29935 is affected by a vulnerability in parsing Texture Continuation objects in U3D files that can disclose sensitive information. The root cause is improper validation of user-supplied data, leading to a read past the end of an allocated object. Exploitation requires user inte...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.52 views

CVE-2021-31445

CVE-2021-31445 describes a buffer/read-out-of-bounds in Foxit Reader 10.1.1.37576 related to handling of U3D objects in PDFs. The flaw arises from insufficient validation of user-supplied data, enabling a read past the end of an allocated object. An attacker could leverage this, in conjunction wi...

4.3CVSS3.4AI score0.02023EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.52 views

CVE-2021-31446

Foxit Reader 10.1.1.37576 is affected by CVE-2021-31446 due to an out-of-bounds read in the handling of U3D objects embedded in PDF files. The flaw arises from insufficient validation of data, enabling a read past the end of an allocated object. Exploitation requires user interaction (the target ...

4.3CVSS3.4AI score0.02682EPSS
CVE
CVE
added 2023/11/27 3:25 p.m.52 views

CVE-2023-35985

CVE-2023-35985 affects Foxit Reader 12.1.3.15356. The vulnerability is in the Javascript exportDataObject API, caused by a failure to properly validate a dangerous extension, enabling an attacker to create files at arbitrary locations. This can lead to arbitrary code execution. Exploitation requi...

8.8CVSS8.6AI score0.02673EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.51 views

CVE-2018-10476

Foxit Reader 9.0.0.29935 is affected by an information-disclosure vulnerability in the U3D Model Node parsing. The issue stems from improper validation of user-supplied data, causing a read past the end of an allocated structure (out-of-bounds read). An attacker can leverage this by convincing a ...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.51 views

CVE-2018-14269

The CVE-2018-14269 issue is a type confusion vulnerability in Foxit Reader’s print method that allows remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and JavaScript actions trigger the fault, executing code in the current proce...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.51 views

CVE-2018-14306

CVE-2018-14306 affects Foxit Reader (and Foxit PhantomPDF) prior to 9.2.0.9097. A use-after-free in the handling/processing of button objects (pointer reuse after free) can be triggered when a user visits a malicious page or opens a malicious file, allowing remote code execution under the process...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2023/11/27 3:25 p.m.51 views

CVE-2023-41257

CVE-2023-41257 is a type-confusion vulnerability in Foxit Reader/Foxit PDF Editor (versions around 12.1.2.15356) where field value properties can be mishandled. A specially crafted Javascript code within a malicious PDF (or a crafted site when the browser plugin is enabled) can trigger memory cor...

8.8CVSS8.8AI score0.01627EPSS
CVE
CVE
added 2017/05/03 5:13 a.m.50 views

CVE-2017-8455

Foxit Reader and Foxit PhantomPDF (prior to 8.2.1) are affected by an out-of-bounds read triggered by a crafted font in a PDF, potentially revealing sensitive data or allowing arbitrary code execution. Impact is remote code execution or information disclosure in the context of the vulnerable proc...

7.8CVSS8.4AI score0.04079EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.50 views

CVE-2018-10478

Foxit Reader 9.0.0.29935 is affected by an information-disclosure vulnerability in the parsing of U3D Texture Coord Dimensions objects. The flaw stems from insufficient validation of user-supplied data, which can cause a read past the end of an allocated object. Exploitation requires user interac...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.50 views

CVE-2018-10485

CVE-2018-10485 affects Foxit Reader 9.0.0.29935. The vulnerability is an out-of-bounds read in the U3D Texture Height structures caused by insufficient validation of user-supplied data, allowing a remote attacker to disclose sensitive information. Exploitation requires user interaction (visiting ...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.50 views

CVE-2018-14244

Foxit Reader is affected by CVE-2018-14244 (also listed in ZDI as ZDI-18-704). The flaw is a type-confusion in the calculateNow method, exploitable via JavaScript actions that trigger the vulnerability and lead to remote code execution. Exploitation requires user interaction (visiting a malicious...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.50 views

CVE-2018-14273

CVE-2018-14273 affects Foxit Reader (and related Foxit products) with a type confusion in the removeTemplate method that enables remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The flaw allows code execution in the context of ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.50 views

CVE-2018-14284

Foxit Reader CVE-2018-14284 affects Foxit Reader 9.0.1.1049 and is rooted in the newDoc function: the code fails to verify the existence of an object before operating on it, enabling remote code execution with user interaction. The vulnerability has been discussed in multiple advisories (ZDI-18-7...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/11/20 9:0 p.m.50 views

CVE-2018-19389

CVE-2018-19389 affects Foxit Reader 9.3.0.10826, where FoxitReader.exe is vulnerable via BMP data due to the ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue. This allows remote attackers to cause a denial of service (break/exception and application crash). The vuln...

5.5CVSS6.1AI score0.02009EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.50 views

CVE-2018-9949

CVE-2018-9949 affects Foxit Reader 9.0.0.29935. The issue is a TIFF parsing heap-based buffer overflow caused by insufficient validation of user-supplied data length, allowing remote code execution with the current process context. Exploitation requires user interaction (visiting a malicious page...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.50 views

CVE-2018-9953

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9953. The vulnerability lies in the XFA resolveNodes method of Button elements, where code executes without validating the existence of an object before performing operations. This allows remote code execution with the current process context and re...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.50 views

CVE-2018-9961

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9961. The vulnerability stems from the parsing of the Field rect attribute, due to not validating the existence of an object before performing operations, enabling remote code execution in the current process when a user opens a malicious file or vi...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.50 views

CVE-2018-9972

This CVE (CVE-2018-9972) affects Foxit Reader 9.0.1.1049. The vulnerability stems from ConvertToPDF_x86.dll where improper validation of user-supplied data can cause a read past the end of an allocated object. This can lead to information disclosure and, in combination with other vulnerabilities,...

6.5CVSS6.5AI score0.02894EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.50 views

CVE-2018-9978

Foxit Reader 9.0.0.29935 is affected by an information-disclosure vulnerability in the U3D parsing code. The issue is an out-of-bounds read caused by improper validation of user-supplied data, enabling remote disclosure when a user visits a malicious page or opens a malicious file. The vulnerabil...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2021/03/30 2:35 p.m.50 views

CVE-2021-27263

The CVE-2021-27263 entry describes an out-of-bounds read in Foxit PhantomPDF 10.1.0.37527 related to U3D object handling in PDFs. The flaw arises from insufficient validation of user-supplied data, enabling a read past the end of an allocated object and potential information disclosure. Exploitat...

4.3CVSS3.8AI score0.02899EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.50 views

CVE-2021-31442

Foxit Reader 10.1.1.37576 is affected by CVE-2021-31442. The vulnerability stems from improper validation in the handling of U3D objects within PDF files, causing a write past the end of an allocated data structure. This allows remote code execution with the attacker’s code running in the context...

7.8CVSS7.8AI score0.02819EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.49 views

CVE-2018-10477

Foxit Reader 9.0.0.29935 is affected by CVE-2018-10477 due to a parsing flaw in U3D Chain Index objects. The issue allows remote code execution via a malicious page or file, requiring user interaction, and is due to improper validation that can cause a write past the end of an allocated object. T...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.49 views

CVE-2018-14249

CVE-2018-14249 is a type-confusion remote code execution in Foxit Reader’s exportDataObject method. Affected product: Foxit Reader (9.0.1.1049) with exploitation requiring user interaction (malicious page or file) via JavaScript to trigger the flaw. Documents also reference a broader set of relat...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.49 views

CVE-2018-14315

CVE-2018-14315 affects Foxit Reader versions older than 9.2.0.9097, where the vulnerability lies in how annotations are handled. The flaw is due to not validating the existence of an object before performing operations, enabling remote code execution in the context of the current process when a u...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.49 views

CVE-2018-9946

Foxit Reader 9.0.0.29935 is affected by CVE-2018-9946 due to a setTimeOut handling flaw where code executes without validating the existence of an object before operations. This can disclose sensitive information; exploitation requires user interaction (visit a malicious page or open a malicious ...

6.5CVSS6.5AI score0.03EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.49 views

CVE-2018-9966

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9966 due to a vulnerability in TextBox Calculate handling. The flaw stems from not validating the existence of an object before performing operations, leading to a remote code execution in the context of the current process after user interaction (e...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.49 views

CVE-2018-9974

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9974. The issue lies in ConvertToPDF_x86.dll where improper validation of the length of user-supplied data to a heap-based buffer allows remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious ...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2020/10/02 8:2 a.m.49 views

CVE-2020-26534

CVE-2020-26534 affects Foxit Reader and PhantomPDF (pre-10.1). The issue is a use-after-free in an Opt object related to Field::ClearItems and Field::DeleteOptions during AcroForm JavaScript execution. Connected sources describe a resource management/use-after-free vulnerability that could crash ...

9.8CVSS9.4AI score0.02394EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.48 views

CVE-2018-9939

Foxit Reader 9.0.0.29935 is affected by a Type Confusion in the XFA layout handling that could allow remote code execution. The flaw arises from improper validation of user-supplied data, enabling an attacker to run code in the current process context after the target views a malicious page or fi...

8.8CVSS8.8AI score0.03226EPSS
Total number of security vulnerabilities372