372 matches found
CVE-2018-9966
Foxit Reader 9.0.1.1049 is affected by CVE-2018-9966 due to a vulnerability in TextBox Calculate handling. The flaw stems from not validating the existence of an object before performing operations, leading to a remote code execution in the context of the current process after user interaction (e...
CVE-2018-9968
This entry documents a Foxit Reader 9.0.1.1049 remote code execution vulnerability (CVE-2018-9968). The flaw lies in TextBox keyboard input handling where an object’s existence isn’t validated before operations, enabling an attacker to execute code in the current process when a user visits a mali...
CVE-2018-9980
Foxit Reader 9.0.0.29935 is affected by a U3D parsing out-of-bounds read vulnerability that can disclose sensitive information. The flaw stems from insufficient validation of user-supplied data during U3D parsing, allowing remote attackers to read past the end of an allocated object. Exploitation...
CVE-2018-9982
Summary : CVE-2018-9982 affects Foxit Reader 9.0.0.29935 and is linked to a flaw in parsing the Texture Width in U3D files, causing an out-of-bounds write that can execute arbitrary code. The vulnerability allows remote code execution with the attacker hosting a malicious page or file; user inter...
CVE-2020-26534
CVE-2020-26534 affects Foxit Reader and PhantomPDF (pre-10.1). The issue is a use-after-free in an Opt object related to Field::ClearItems and Field::DeleteOptions during AcroForm JavaScript execution. Connected sources describe a resource management/use-after-free vulnerability that could crash ...
CVE-2018-9939
Foxit Reader 9.0.0.29935 is affected by a Type Confusion in the XFA layout handling that could allow remote code execution. The flaw arises from improper validation of user-supplied data, enabling an attacker to run code in the current process context after the target views a malicious page or fi...
CVE-2018-9940
CVE-2018-9940 affects Foxit Reader 9.0.0.29935. The flaw resides in the handling of the layout sheet attribute, caused by insufficient validation of user-supplied data, resulting in a type-confusion condition that enables remote code execution under the current process. User interaction is requir...
CVE-2018-9943
Foxit Reader 9.0.0.29935 is affected by a type-confusion vulnerability in the openList handling that enables remote code execution when a user visits a malicious page or opens a malicious file. Root cause: improper validation of user-supplied data leading to type confusion; attack context is the ...
CVE-2018-9945
Foxit Reader 9.0.0.29935 is affected by a getField use-after-free/validation flaw that allows remote code execution when a user opens a malicious file or visits a malicious page. The root cause is failure to validate the existence of an object before operating on it, enabling arbitrary code execu...
CVE-2018-9967
Foxit Reader 9.0.1.1049 is affected by a TextBox Format Use-After-Free/validation flaw that allows remote code execution when a user opens a malicious file or visits a crafted page. The issue stems from failing to validate the existence of a TextBox object before performing operations, enabling c...
CVE-2018-9975
Foxit Reader 9.0.1.1049 is affected by CVE-2018-9975 due to a shift-event handling flaw. The issue stems from not validating the existence of an object before performing operations, enabling a remote attacker to execute code in the context of the current process after user interaction (visiting a...
CVE-2021-31448
Foxit Reader 10.1.1.37576 is affected by a U3D parsing out-of-bounds read in PDF handling. The flaw is due to improper validation of user-supplied data within embedded U3D objects, leading to a read past the end of an allocated object. This can disclose sensitive information and, when combined wi...
CVE-2021-31449
Foxit Reader 10.1.1.37576 is affected by a U3D object parsing flaw in PDFs that does not validate the existence of an object before freeing it, leading to remote code execution. The issue can be triggered by a user visiting a malicious page or opening a malicious file; exploitation occurs in the ...
CVE-2018-9962
Foxit Reader 9.0.1.1049 is affected by CVE-2018-9962. The vulnerability stems from parsing of the Annotation author attribute and a missing validation of object existence, enabling remote code execution when a user opens a malicious file or visits a malicious page. The root cause is a use-after-f...
CVE-2018-9973
CVE-2018-9973 affects Foxit Reader 9.0.1.1049. The flaw is an out-of-bounds read during ePub file parsing caused by insufficient validation of input data, which can lead to sensitive information disclosure and, in combination with other vulnerabilities, arbitrary code execution in the affected pr...
CVE-2018-9984
CVE-2018-9984 affects Foxit Reader 9.0.0.29935. The vulnerability is in the parsing of Texture Image Channels objects inside U3D files, caused by insufficient validation of user-supplied data, which can lead to a read past the end of an allocated object and information disclosure. Exploitation re...
CVE-2021-31443
Foxit Reader 10.1.1.37576 contains an information disclosure vulnerability in the handling of U3D objects embedded in PDF files. The flaw arises from insufficient validation of user-supplied data, causing a read past the end of an allocated object (out-of-bounds read). Exploitation requires user ...
CVE-2018-9938
Foxit Reader 9.0.0.29935 is affected by CVE-2018-9938. The vulnerability stems from improper validation in the absPageSpan method, causing a type confusion condition that allows remote attackers to execute arbitrary code in the context of the current process. Exploitation requires user interactio...
CVE-2018-9944
CVE-2018-9944 affects Foxit Reader 9.0.0.29935. The vulnerability resides in the addLink method and stems from not validating the existence of an object before performing operations, enabling remote code execution under the current process context. Exploitation requires user interaction (visiting...
CVE-2021-31444
CVE-2021-31444 affects Foxit Reader 10.1.1.37576. The flaw is in the handling of embedded U3D objects in PDFs, caused by insufficient validation, leading to a read past the end of an allocated object. This results in information disclosure and, when combined with other vulnerabilities, can be lev...
CVE-2021-31447
The CVE-2021-31447 issue affects Foxit Reader 10.1.1.37576 and is due to a flaw in handling U3D objects embedded in PDF files, causing a read past the end of an allocated object (out-of-bounds read). This is a local/peer-access concern that could enable information disclosure, with exploitation r...
CVE-2019-6771
CVE-2019-6771 affects Foxit Reader 2019.010.20098. The issue is in the handling of the value property of a Field object within AcroForms, caused by not validating the existence of an object before performing operations. This can be exploited to disclose sensitive information and, when combined wi...