28 matches found

CVE
added 2020/12/31 8:14 p.m. | 98 views

CVE-2020-35931

Foxit PDF products are affected by CVE-2020-35931: Foxit Reader before 10.1.1 and PhantomPDF before 9.7.5, and 10.x before 10.1.1 (also macOS 4.1.x) are vulnerable to an Evil Annotation Attack that can spoof certified PDFs by not handling a null Subtype in the Annotation dictionary during increme...

CVSS 7.8 | AI score 7.6 | EPSS 0.02294

CVE
added 2021/07/09 5:14 p.m. | 85 views

CVE-2021-33792

CVE-2021-33792 affects Foxit Reader prior to 10.1.4 and Foxit PhantomPDF prior to 10.1.4. The root cause is an out-of-bounds write triggered by a crafted /Size key in the Trailer dictionary. Public references consistently describe a buffer/space issue leading to memory corruption in these PDF pro...

CVSS 7.8 | AI score 7.5 | EPSS 0.02107

CVE
added 2021/08/11 9:12 p.m. | 81 views

CVE-2021-38574

CVE-2021-38574 affects Foxit Reader and Foxit PhantomPDF prior to 10.1.4. The issue is a SQL injection vulnerability triggered by crafted data at the end of a string in database-related processing. Affected components/locations are not further specified in the provided material. Impact is describ...

CVSS 9.8 | AI score 9.7 | EPSS 0.00994

CVE
added 2021/07/09 5:13 p.m. | 80 views

CVE-2021-33795

CVE-2021-33795 affects Foxit Reader before 10.1.4 and Foxit PhantomPDF before 10.1.4. The root cause is mishandling of the certificate name, document owner, and signature author in PDF signatures, resulting in incorrect document signatures. Reported impact indicates partial integrity impact with ...

CVSS 5.5 | AI score 5.6 | EPSS 0.00771

CVE
added 2021/08/11 9:14 p.m. | 73 views

CVE-2021-38570

CVE-2021-38570 affects Foxit Reader and Foxit PhantomPDF versions prior to 10.1.4. The issue allows an attacker to delete arbitrary files during uninstallation by abusing a symlink, enabling file deletion on the user’s system. Exploitation details are not provided in the supplied documents. The v...

CVSS 9.1 | AI score 9 | EPSS 0.01166

CVE
added 2018/04/23 7:0 p.m. | 71 views

CVE-2018-10302

CVE-2018-10302 describes a use-after-free vulnerability in Foxit Reader before 9.1 and PhantomPDF before 9.1 that can allow remote attackers to execute arbitrary code. The issue is cited as the iDefense ID V-jyb51g3mv9. Connected sources confirm the affected products (Foxit Reader/PhantomPDF) and...

CVSS 7.8 | AI score 8.4 | EPSS 0.03247

CVE
added 2021/08/11 9:14 p.m. | 71 views

CVE-2021-38568

CVE-2021-38568 affects Foxit Reader and Foxit PhantomPDF prior to 10.1.4. The issue is memory corruption during the conversion of a PDF document to another format. Public sources consistently describe the vulnerability but do not provide explicit exploitation details or fixes beyond noting the af...

CVSS 9.8 | AI score 9.5 | EPSS 0.01087

CVE
added 2021/08/11 9:12 p.m. | 71 views

CVE-2021-38573

Foxit Reader and Foxit PhantomPDF are affected by CVE-2021-38573. The vulnerability arises from not validating the CombineFiles pathname, enabling arbitrary file writes via this component/file handling; affected product versions are prior to 10.1.4. The issue is described across multiple sources ...

CVSS 9.8 | AI score 9.3 | EPSS 0.01117

CVE
added 2018/04/24 8:0 p.m. | 69 views

CVE-2017-17557

CVE-2017-17557: Foxit Reader < 9.1 and Foxit PhantomPDF

CVSS 8.8 | AI score 8.7 | EPSS 0.03643

CVE
added 2021/08/11 7:34 p.m. | 66 views

CVE-2021-33793

The CVE-2021-33793 issue affects Foxit Reader before 10.1.4 and Foxit PhantomPDF before 10.1.4. It is an out-of-bounds write caused by mishandling of the Cross-Reference table during Office document conversion. Impact details are not elaborated beyond the out-of-bounds write; no exploitation spec...

CVSS 9.8 | AI score 9.5 | EPSS 0.01087

CVE
added 2018/07/20 12:0 p.m. | 65 views

CVE-2018-14442

Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free vulnerability that leads to Remote Code Execution. The connected documents consistently identify a memory misreference/UAF as the root cause and confirm impact as RCE. No exploit details or in-the-wild status are provided. Re...

CVSS 9.8 | AI score 9.5 | EPSS 0.04739

CVE
added 2021/08/11 9:14 p.m. | 65 views

CVE-2021-38569

Foxit Reader and Foxit PhantomPDF are affected by a vulnerability fixed in 10.1.4 or later. The issue allows stack consumption via recursive function calls during handling of XFA forms or linked objects, which could lead to a denial of service. Affected products are Foxit Reader and Foxit Phantom...

CVSS 7.5 | AI score 7.5 | EPSS 0.00961

CVE
added 2018/04/23 11:0 p.m. | 64 views

CVE-2018-10303

Foxit Reader and Foxit PhantomPDF before 9.1 are affected by a use-after-free vulnerability in Foxit’s PDF software that can allow remote code execution. The CVE-2018-10303 description ties to iDefense ID V-y0nqfutlf3. The connected documents do not provide exploitation details or a confirmed pat...

CVSS 8.8 | AI score 8.8 | EPSS 0.02583

CVE
added 2020/10/02 8:0 a.m. | 64 views

CVE-2020-26540

Foxit Reader and Foxit PhantomPDF for macOS are affected by a code injection/information disclosure vulnerability in versions prior to 4.1. The root cause is that the Hardened Runtime protection is not applied to code signing, which can allow an attacker to inject code or leak information due to ...

CVSS 7.5 | AI score 7.6 | EPSS 0.00666

CVE
added 2020/12/15 12:53 p.m. | 62 views

CVE-2020-28203

CVE-2020-28203 affects Foxit Reader and PhantomPDF up to 10.1.0.37527, where opening a crafted PDF can trigger a null pointer dereference, causing the application to crash (denial of service). This is supported by multiple sources in the connected documents, including the NVD entry and vendor dis...

CVSS 5.5 | AI score 6 | EPSS 0.01868

CVE
added 2020/10/02 8:1 a.m. | 61 views

CVE-2020-26537

CVE-2020-26537 affects Foxit Reader and PhantomPDF prior to version 10.1. The issue occurs in a shading calculation where the number of outputs does not match the color components in a color space, causing an out-of-bounds write. The connected sources confirm the affected product and the underlyi...

CVSS 9.8 | AI score 9.2 | EPSS 0.01149

CVE
added 2021/08/11 9:13 p.m. | 60 views

CVE-2021-38572

CVE-2021-38572 affects Foxit Reader and Foxit PhantomPDF prior to 10.1.4, where the extractPages pathname is not validated, allowing an attacker to write to arbitrary files. The connected documents confirm the affected products and the root cause (unvalidated extractPages pathname). No exploitati...

CVSS 9.8 | AI score 9.3 | EPSS 0.01117

CVE
added 2019/01/03 11:0 p.m. | 59 views

CVE-2019-5007

CVE-2019-5007 affects Foxit Reader and PhantomPDF for Windows prior to 9.4. It is a NULL pointer dereference during TIFF parsing that causes an out-of-bounds read, leading to information disclosure and a crash. The description in multiple sources confirms the vulnerability lies in TIFF data handl...

CVSS 7.1 | AI score 6.6 | EPSS 0.01552

CVE
added 2020/10/02 8:1 a.m. | 59 views

CVE-2020-26538

CVE-2020-26538 affects Foxit Reader and PhantomPDF prior to 10.1. The issue allows arbitrary code execution via a Trojan horse taskkill.exe placed in the current working directory, indicating a local-execution path likely dependent on the processing of external/tampered files. The vulnerability ...

CVSS 7.8 | AI score 7.8 | EPSS 0.00502

CVE
added 2019/01/03 11:0 p.m. | 58 views

CVE-2019-5006

CVE-2019-5006 affects Foxit Reader and PhantomPDF for Windows prior to 9.4; the issue is a NULL pointer dereference during PDF parsing. The NVD entry lists CVSSv3 base score 5.5 (MEDIUM) with LOCAL exploit, LOW attack complexity, user interaction required, and HIGH impact on availability. The ava...

CVSS 5.5 | AI score 6 | EPSS 0.0095

CVE
added 2021/08/11 9:14 p.m. | 58 views

CVE-2021-38571

CVE-2021-38571 affects Foxit Reader and Foxit PhantomPDF prior to 10.1.4, where a DLL hijacking issue allows an attacker-controlled DLL to be loaded locally. The root cause is a registration and loading path flaw that enables hijacking of the Dynamic Link Library, potentially impacting confidenti...

CVSS 7.8 | AI score 7.5 | EPSS 0.00547

CVE
added 2022/11/09 12:0 a.m. | 58 views

CVE-2022-43310

Foxit Reader v11.2.118.51569 is affected by CVE-2022-43310 due to an Uncontrolled Search Path Element when searching for DLL libraries without an absolute path. This local privilege-escalation vulnerability can allow an attacker to gain high impact on confidentiality, integrity, and availability....

CVSS 7.8 | AI score 7.7 | EPSS 0.01553

CVE
added 2020/10/02 8:1 a.m. | 56 views

CVE-2020-26535

Foxit Reader and PhantomPDF (pre-10.1) contain CVE-2020-26535. The issue arises when TslAlloc tries to allocate thread-local storage and receives an unacceptable index, causing V8 to throw an exception that leads to write and read access violations. Affected products are Foxit Reader and PhantomP...

CVSS 9.8 | AI score 8.7 | EPSS 0.01717

CVE
added 2020/10/02 8:1 a.m. | 54 views

CVE-2020-26539

Foxit Reader and PhantomPDF (before v10.1) contain a use-after-free condition triggered by a multiple interpretation error for /V in the Additional Action and Field dictionaries, enabling remote code execution or an information leak. The issue is documented in CVE-2020-26539 with CVSS scores indi...

CVSS 9.8 | AI score 9.6 | EPSS 0.02232

CVE
added 2019/01/03 11:0 p.m. | 52 views

CVE-2019-5005

CVE-2019-5005 affects Foxit Reader and PhantomPDF for Windows, prior to version 9.4. The vulnerability is a memory corruption issue where two bytes are written to the end of allocated memory without ensuring it won’t cause corruption, leading to a possible denial of service (application crash). T...

CVSS 5.5 | AI score 5.9 | EPSS 0.01269

CVE
added 2020/10/02 8:1 a.m. | 52 views

CVE-2020-26536

Foxit Reader and PhantomPDF prior to 10.1 are affected by CVE-2020-26536 due to a NULL pointer dereference triggered by a crafted PDF document. The publicly documented impact is a crash (availability impact), with CVSS indicating a LOCAL exploit requiring user interaction (per NVIDIA/3.1 metrics)...

CVSS 5.5 | AI score 5.4 | EPSS 0.00918

CVE
added 2021/08/11 7:28 p.m. | 50 views

CVE-2021-33794

CVE-2021-33794 affects Foxit Reader and PhantomPDF before 10.1.4. The issue arises from mishandling the Tab key during XFA form interactions, leading to information disclosure or an application crash. Reported across multiple sources (NVD, Red Hat, CVE catalogs, and regional bulletins) with impac...

CVSS 9.1 | AI score 8.7 | EPSS 0.01105

CVE
added 2020/10/02 8:2 a.m. | 48 views

CVE-2020-26534

CVE-2020-26534 affects Foxit Reader and PhantomPDF (pre-10.1). The issue is a use-after-free in an Opt object related to Field::ClearItems and Field::DeleteOptions during AcroForm JavaScript execution. Connected sources describe a resource management/use-after-free vulnerability that could crash ...

CVSS 9.8 | AI score 9.4 | EPSS 0.02394