Lucene search

K

28 matches found

CVE
CVE
added 2020/12/31 9:15 p.m.85 views

CVE-2020-35931

An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Sub...

7.8CVSS7.6AI score0.00087EPSS
CVE
CVE
added 2021/07/09 6:15 p.m.74 views

CVE-2021-33792

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write via a crafted /Size key in the Trailer dictionary.

7.8CVSS7.5AI score0.00035EPSS
CVE
CVE
added 2021/07/09 6:15 p.m.66 views

CVE-2021-33795

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorrect PDF document signatures because the certificate name, document owner, and signature author are mishandled.

5.5CVSS5.6AI score0.00023EPSS
CVE
CVE
added 2021/08/11 10:15 p.m.65 views

CVE-2021-38574

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows SQL Injection via crafted data at the end of a string.

9.8CVSS9.7AI score0.00017EPSS
CVE
CVE
added 2021/08/11 10:15 p.m.60 views

CVE-2021-38568

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows memory corruption during conversion of a PDF document to a different document format.

9.8CVSS9.5AI score0.00027EPSS
CVE
CVE
added 2021/08/11 10:15 p.m.60 views

CVE-2021-38570

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink.

9.1CVSS9AI score0.0004EPSS
CVE
CVE
added 2018/04/24 8:29 p.m.59 views

CVE-2017-17557

In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to exe...

8.8CVSS8.7AI score0.3002EPSS
Web
CVE
CVE
added 2021/08/11 10:15 p.m.59 views

CVE-2021-38573

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because a CombineFiles pathname is not validated.

9.8CVSS9.3AI score0.00023EPSS
CVE
CVE
added 2018/04/23 7:29 p.m.56 views

CVE-2018-10302

A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-jyb51g3mv9.

7.8CVSS8.4AI score0.0078EPSS
CVE
CVE
added 2018/04/23 11:29 p.m.55 views

CVE-2018-10303

A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3.

8.8CVSS8.8AI score0.00626EPSS
CVE
CVE
added 2020/10/02 8:15 a.m.53 views

CVE-2020-26540

An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection (or an information leak) can occur.

7.5CVSS7.6AI score0.00007EPSS
CVE
CVE
added 2020/12/15 1:15 p.m.51 views

CVE-2020-28203

An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier. There is a null pointer access/dereference while opening a crafted PDF file, leading the application to crash (denial of service).

5.5CVSS6AI score0.00022EPSS
CVE
CVE
added 2018/07/20 12:29 p.m.50 views

CVE-2018-14442

Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs.

9.8CVSS9.5AI score0.05473EPSS
CVE
CVE
added 2021/08/11 10:15 p.m.49 views

CVE-2021-38569

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects.

7.5CVSS7.5AI score0.00018EPSS
CVE
CVE
added 2019/01/03 11:29 p.m.48 views

CVE-2019-5007

An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing.

7.1CVSS6.6AI score0.00141EPSS
CVE
CVE
added 2021/08/11 10:15 p.m.48 views

CVE-2021-38571

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows DLL hijacking, aka CNVD-C-2021-68000 and CNVD-C-2021-68502.

7.8CVSS7.5AI score0.00032EPSS
CVE
CVE
added 2021/08/11 10:15 p.m.48 views

CVE-2021-38572

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because the extractPages pathname is not validated.

9.8CVSS9.3AI score0.00023EPSS
CVE
CVE
added 2020/10/02 8:15 a.m.47 views

CVE-2020-26535

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation (and read access violation).

9.8CVSS8.7AI score0.00023EPSS
CVE
CVE
added 2020/10/02 8:15 a.m.47 views

CVE-2020-26538

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory.

7.8CVSS7.8AI score0.00012EPSS
CVE
CVE
added 2021/08/11 8:15 p.m.47 views

CVE-2021-33793

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion.

9.8CVSS9.5AI score0.00027EPSS
CVE
CVE
added 2019/01/03 11:29 p.m.45 views

CVE-2019-5006

An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is a NULL pointer dereference during PDF parsing.

5.5CVSS6AI score0.0008EPSS
CVE
CVE
added 2022/11/09 9:15 p.m.44 views

CVE-2022-43310

An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path.

7.8CVSS7.7AI score0.00012EPSS
CVE
CVE
added 2020/10/02 8:15 a.m.43 views

CVE-2020-26536

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer dereference via a crafted PDF document.

5.5CVSS5.4AI score0.00035EPSS
CVE
CVE
added 2020/10/02 8:15 a.m.42 views

CVE-2020-26539

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field dictionaries), a use-after-free can occur with resultant remote code execution (or an information leak).

9.8CVSS9.6AI score0.02831EPSS
CVE
CVE
added 2019/01/03 11:29 p.m.41 views

CVE-2019-5005

An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. They allowed Denial of Service (application crash) via image data, because two bytes are written to the end of the allocated memory without judging whether this will cause corruption.

5.5CVSS5.9AI score0.0008EPSS
CVE
CVE
added 2021/08/11 8:15 p.m.38 views

CVE-2021-33794

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction.

9.1CVSS8.7AI score0.00027EPSS
CVE
CVE
added 2020/10/02 8:15 a.m.36 views

CVE-2020-26534

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution.

9.8CVSS9.4AI score0.00032EPSS
CVE
CVE
added 2020/10/02 8:15 a.m.33 views

CVE-2020-26537

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write.

9.8CVSS9.2AI score0.00027EPSS