Lucene search
+L
FoxitsoftwareFoxit Reader

372 matches found

cve
cve
added 2018/05/17 3:0 p.m.49 views

CVE-2018-9980

Foxit Reader 9.0.0.29935 is affected by a U3D parsing out-of-bounds read vulnerability that can disclose sensitive information. The flaw stems from insufficient validation of user-supplied data during U3D parsing, allowing remote attackers to read past the end of an allocated object. Exploitation...

6.5CVSS6.5AI score0.02536EPSS
cve
cve
added 2020/10/02 8:2 a.m.49 views

CVE-2020-26534

CVE-2020-26534 affects Foxit Reader and PhantomPDF (pre-10.1). The issue is a use-after-free in an Opt object related to Field::ClearItems and Field::DeleteOptions during AcroForm JavaScript execution. Connected sources describe a resource management/use-after-free vulnerability that could crash ...

9.8CVSS9.4AI score0.02394EPSS
cve
cve
added 2018/05/17 3:0 p.m.48 views

CVE-2018-9939

Foxit Reader 9.0.0.29935 is affected by a Type Confusion in the XFA layout handling that could allow remote code execution. The flaw arises from improper validation of user-supplied data, enabling an attacker to run code in the current process context after the target views a malicious page or fi...

8.8CVSS8.8AI score0.03226EPSS
cve
cve
added 2018/05/17 3:0 p.m.48 views

CVE-2018-9943

Foxit Reader 9.0.0.29935 is affected by a type-confusion vulnerability in the openList handling that enables remote code execution when a user visits a malicious page or opens a malicious file. Root cause: improper validation of user-supplied data leading to type confusion; attack context is the ...

8.8CVSS8.8AI score0.03226EPSS
cve
cve
added 2018/05/17 3:0 p.m.48 views

CVE-2018-9945

Foxit Reader 9.0.0.29935 is affected by a getField use-after-free/validation flaw that allows remote code execution when a user opens a malicious file or visits a malicious page. The root cause is failure to validate the existence of an object before operating on it, enabling arbitrary code execu...

8.8CVSS8.8AI score0.03226EPSS
cve
cve
added 2018/05/17 3:0 p.m.48 views

CVE-2018-9960

CVE-2018-9960 affects Foxit Reader 9.0.1.1049. The vulnerability stems from the parsing of the textColor Field attribute where the code fails to validate the existence of an object before performing operations, allowing remote code execution under the current process. Exploitation requires user i...

8.8CVSS8.8AI score0.02773EPSS
cve
cve
added 2018/05/17 3:0 p.m.48 views

CVE-2018-9967

Foxit Reader 9.0.1.1049 is affected by a TextBox Format Use-After-Free/validation flaw that allows remote code execution when a user opens a malicious file or visits a crafted page. The issue stems from failing to validate the existence of a TextBox object before performing operations, enabling c...

8.8CVSS8.8AI score0.03226EPSS
cve
cve
added 2021/05/07 8:16 p.m.48 views

CVE-2021-31448

Foxit Reader 10.1.1.37576 is affected by a U3D parsing out-of-bounds read in PDF handling. The flaw is due to improper validation of user-supplied data within embedded U3D objects, leading to a read past the end of an allocated object. This can disclose sensitive information and, when combined wi...

4.3CVSS3.4AI score0.02023EPSS
cve
cve
added 2021/05/07 8:16 p.m.48 views

CVE-2021-31449

Foxit Reader 10.1.1.37576 is affected by a U3D object parsing flaw in PDFs that does not validate the existence of an object before freeing it, leading to remote code execution. The issue can be triggered by a user visiting a malicious page or opening a malicious file; exploitation occurs in the ...

7.8CVSS7.8AI score0.02819EPSS
cve
cve
added 2018/05/17 3:0 p.m.47 views

CVE-2018-9968

This entry documents a Foxit Reader 9.0.1.1049 remote code execution vulnerability (CVE-2018-9968). The flaw lies in TextBox keyboard input handling where an object’s existence isn’t validated before operations, enabling an attacker to execute code in the current process when a user visits a mali...

8.8CVSS8.8AI score0.03226EPSS
cve
cve
added 2018/05/17 3:0 p.m.47 views

CVE-2018-9973

CVE-2018-9973 affects Foxit Reader 9.0.1.1049. The flaw is an out-of-bounds read during ePub file parsing caused by insufficient validation of input data, which can lead to sensitive information disclosure and, in combination with other vulnerabilities, arbitrary code execution in the affected pr...

6.5CVSS6.5AI score0.02894EPSS
cve
cve
added 2018/05/17 3:0 p.m.47 views

CVE-2018-9975

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9975 due to a shift-event handling flaw. The issue stems from not validating the existence of an object before performing operations, enabling a remote attacker to execute code in the context of the current process after user interaction (visiting a...

8.8CVSS8.8AI score0.03226EPSS
cve
cve
added 2018/05/17 3:0 p.m.47 views

CVE-2018-9982

Summary : CVE-2018-9982 affects Foxit Reader 9.0.0.29935 and is linked to a flaw in parsing the Texture Width in U3D files, causing an out-of-bounds write that can execute arbitrary code. The vulnerability allows remote code execution with the attacker hosting a malicious page or file; user inter...

8.8CVSS8.8AI score0.02773EPSS
cve
cve
added 2018/05/17 3:0 p.m.47 views

CVE-2018-9984

CVE-2018-9984 affects Foxit Reader 9.0.0.29935. The vulnerability is in the parsing of Texture Image Channels objects inside U3D files, caused by insufficient validation of user-supplied data, which can lead to a read past the end of an allocated object and information disclosure. Exploitation re...

6.5CVSS6.5AI score0.02536EPSS
cve
cve
added 2021/05/07 8:16 p.m.47 views

CVE-2021-31443

Foxit Reader 10.1.1.37576 contains an information disclosure vulnerability in the handling of U3D objects embedded in PDF files. The flaw arises from insufficient validation of user-supplied data, causing a read past the end of an allocated object (out-of-bounds read). Exploitation requires user ...

4.3CVSS3.4AI score0.02023EPSS
cve
cve
added 2018/05/17 3:0 p.m.46 views

CVE-2018-9938

Foxit Reader 9.0.0.29935 is affected by CVE-2018-9938. The vulnerability stems from improper validation in the absPageSpan method, causing a type confusion condition that allows remote attackers to execute arbitrary code in the context of the current process. Exploitation requires user interactio...

8.8CVSS8.8AI score0.03226EPSS
cve
cve
added 2018/05/17 3:0 p.m.46 views

CVE-2018-9940

CVE-2018-9940 affects Foxit Reader 9.0.0.29935. The flaw resides in the handling of the layout sheet attribute, caused by insufficient validation of user-supplied data, resulting in a type-confusion condition that enables remote code execution under the current process. User interaction is requir...

8.8CVSS8.8AI score0.03226EPSS
cve
cve
added 2018/05/17 3:0 p.m.46 views

CVE-2018-9962

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9962. The vulnerability stems from parsing of the Annotation author attribute and a missing validation of object existence, enabling remote code execution when a user opens a malicious file or visits a malicious page. The root cause is a use-after-f...

8.8CVSS8.8AI score0.02773EPSS
cve
cve
added 2021/05/07 8:16 p.m.46 views

CVE-2021-31444

CVE-2021-31444 affects Foxit Reader 10.1.1.37576. The flaw is in the handling of embedded U3D objects in PDFs, caused by insufficient validation, leading to a read past the end of an allocated object. This results in information disclosure and, when combined with other vulnerabilities, can be lev...

4.3CVSS3.4AI score0.02023EPSS
cve
cve
added 2021/05/07 8:16 p.m.46 views

CVE-2021-31447

The CVE-2021-31447 issue affects Foxit Reader 10.1.1.37576 and is due to a flaw in handling U3D objects embedded in PDF files, causing a read past the end of an allocated object (out-of-bounds read). This is a local/peer-access concern that could enable information disclosure, with exploitation r...

4.3CVSS3.4AI score0.02023EPSS
cve
cve
added 2018/05/17 3:0 p.m.45 views

CVE-2018-9944

CVE-2018-9944 affects Foxit Reader 9.0.0.29935. The vulnerability resides in the addLink method and stems from not validating the existence of an object before performing operations, enabling remote code execution under the current process context. Exploitation requires user interaction (visiting...

8.8CVSS8.8AI score0.03226EPSS
cve
cve
added 2019/06/03 6:15 p.m.42 views

CVE-2019-6771

CVE-2019-6771 affects Foxit Reader 2019.010.20098. The issue is in the handling of the value property of a Field object within AcroForms, caused by not validating the existence of an object before performing operations. This can be exploited to disclose sensitive information and, when combined wi...

5.5CVSS5.5AI score0.02652EPSS
Total number of security vulnerabilities372