28 matches found
CVE-2020-35931
Foxit PDF products are affected by CVE-2020-35931: Foxit Reader before 10.1.1 and PhantomPDF before 9.7.5, and 10.x before 10.1.1 (also macOS 4.1.x) are vulnerable to an Evil Annotation Attack that can spoof certified PDFs by not handling a null Subtype in the Annotation dictionary during increme...
CVE-2021-33792
CVE-2021-33792 affects Foxit Reader prior to 10.1.4 and Foxit PhantomPDF prior to 10.1.4. The root cause is an out-of-bounds write triggered by a crafted /Size key in the Trailer dictionary. Public references consistently describe a buffer/space issue leading to memory corruption in these PDF pro...
CVE-2021-38574
CVE-2021-38574 affects Foxit Reader and Foxit PhantomPDF prior to 10.1.4. The issue is a SQL injection vulnerability triggered by crafted data at the end of a string in database-related processing. Affected components/locations are not further specified in the provided material. Impact is describ...
CVE-2021-33795
CVE-2021-33795 affects Foxit Reader before 10.1.4 and Foxit PhantomPDF before 10.1.4. The root cause is mishandling of the certificate name, document owner, and signature author in PDF signatures, resulting in incorrect document signatures. Reported impact indicates partial integrity impact with ...
CVE-2021-38570
CVE-2021-38570 affects Foxit Reader and Foxit PhantomPDF versions prior to 10.1.4. The issue allows an attacker to delete arbitrary files during uninstallation by abusing a symlink, enabling file deletion on the user’s system. Exploitation details are not provided in the supplied documents. The v...
CVE-2018-10302
CVE-2018-10302 describes a use-after-free vulnerability in Foxit Reader before 9.1 and PhantomPDF before 9.1 that can allow remote attackers to execute arbitrary code. The issue is cited as the iDefense ID V-jyb51g3mv9. Connected sources confirm the affected products (Foxit Reader/PhantomPDF) and...
CVE-2021-38568
CVE-2021-38568 affects Foxit Reader and Foxit PhantomPDF prior to 10.1.4. The issue is memory corruption during the conversion of a PDF document to another format. Public sources consistently describe the vulnerability but do not provide explicit exploitation details or fixes beyond noting the af...
CVE-2021-38573
Foxit Reader and Foxit PhantomPDF are affected by CVE-2021-38573. The vulnerability arises from not validating the CombineFiles pathname, enabling arbitrary file writes via this component/file handling; affected product versions are prior to 10.1.4. The issue is described across multiple sources ...
CVE-2017-17557
CVE-2017-17557: Foxit Reader < 9.1 and Foxit PhantomPDF
CVE-2021-33793
The CVE-2021-33793 issue affects Foxit Reader before 10.1.4 and Foxit PhantomPDF before 10.1.4. It is an out-of-bounds write caused by mishandling of the Cross-Reference table during Office document conversion. Impact details are not elaborated beyond the out-of-bounds write; no exploitation spec...
CVE-2018-14442
Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free vulnerability that leads to Remote Code Execution. The connected documents consistently identify a memory misreference/UAF as the root cause and confirm impact as RCE. No exploit details or in-the-wild status are provided. Re...
CVE-2021-38569
Foxit Reader and Foxit PhantomPDF are affected by a vulnerability fixed in 10.1.4 or later. The issue allows stack consumption via recursive function calls during handling of XFA forms or linked objects, which could lead to a denial of service. Affected products are Foxit Reader and Foxit Phantom...
CVE-2018-10303
Foxit Reader and Foxit PhantomPDF before 9.1 are affected by a use-after-free vulnerability in Foxit’s PDF software that can allow remote code execution. The CVE-2018-10303 description ties to iDefense ID V-y0nqfutlf3. The connected documents do not provide exploitation details or a confirmed pat...
CVE-2020-26540
Foxit Reader and Foxit PhantomPDF for macOS are affected by a code injection/information disclosure vulnerability in versions prior to 4.1. The root cause is that the Hardened Runtime protection is not applied to code signing, which can allow an attacker to inject code or leak information due to ...
CVE-2020-28203
CVE-2020-28203 affects Foxit Reader and PhantomPDF up to 10.1.0.37527, where opening a crafted PDF can trigger a null pointer dereference, causing the application to crash (denial of service). This is supported by multiple sources in the connected documents, including the NVD entry and vendor dis...
CVE-2020-26537
CVE-2020-26537 affects Foxit Reader and PhantomPDF prior to version 10.1. The issue occurs in a shading calculation where the number of outputs does not match the color components in a color space, causing an out-of-bounds write. The connected sources confirm the affected product and the underlyi...
CVE-2021-38572
CVE-2021-38572 affects Foxit Reader and Foxit PhantomPDF prior to 10.1.4, where the extractPages pathname is not validated, allowing an attacker to write to arbitrary files. The connected documents confirm the affected products and the root cause (unvalidated extractPages pathname). No exploitati...
CVE-2019-5007
CVE-2019-5007 affects Foxit Reader and PhantomPDF for Windows prior to 9.4. It is a NULL pointer dereference during TIFF parsing that causes an out-of-bounds read, leading to information disclosure and a crash. The description in multiple sources confirms the vulnerability lies in TIFF data handl...
CVE-2020-26538
CVE-2020-26538 affects Foxit Reader and PhantomPDF prior to 10.1. The issue allows arbitrary code execution via a Trojan horse taskkill.exe placed in the current working directory, indicating a local-execution path likely dependent on the processing of external/tampered files. The vulnerability ...
CVE-2019-5006
CVE-2019-5006 affects Foxit Reader and PhantomPDF for Windows prior to 9.4; the issue is a NULL pointer dereference during PDF parsing. The NVD entry lists CVSSv3 base score 5.5 (MEDIUM) with LOCAL exploit, LOW attack complexity, user interaction required, and HIGH impact on availability. The ava...
CVE-2021-38571
CVE-2021-38571 affects Foxit Reader and Foxit PhantomPDF prior to 10.1.4, where a DLL hijacking issue allows an attacker-controlled DLL to be loaded locally. The root cause is a registration and loading path flaw that enables hijacking of the Dynamic Link Library, potentially impacting confidenti...
CVE-2022-43310
Foxit Reader v11.2.118.51569 is affected by CVE-2022-43310 due to an Uncontrolled Search Path Element when searching for DLL libraries without an absolute path. This local privilege-escalation vulnerability can allow an attacker to gain high impact on confidentiality, integrity, and availability....
CVE-2020-26535
Foxit Reader and PhantomPDF (pre-10.1) contain CVE-2020-26535. The issue arises when TslAlloc tries to allocate thread-local storage and receives an unacceptable index, causing V8 to throw an exception that leads to write and read access violations. Affected products are Foxit Reader and PhantomP...
CVE-2020-26539
Foxit Reader and PhantomPDF (before v10.1) contain a use-after-free condition triggered by a multiple interpretation error for /V in the Additional Action and Field dictionaries, enabling remote code execution or an information leak. The issue is documented in CVE-2020-26539 with CVSS scores indi...
CVE-2019-5005
CVE-2019-5005 affects Foxit Reader and PhantomPDF for Windows, prior to version 9.4. The vulnerability is a memory corruption issue where two bytes are written to the end of allocated memory without ensuring it won’t cause corruption, leading to a possible denial of service (application crash). T...
CVE-2020-26536
Foxit Reader and PhantomPDF prior to 10.1 are affected by CVE-2020-26536 due to a NULL pointer dereference triggered by a crafted PDF document. The publicly documented impact is a crash (availability impact), with CVSS indicating a LOCAL exploit requiring user interaction (per NVD/3.1 metrics)...
CVE-2021-33794
CVE-2021-33794 affects Foxit Reader and PhantomPDF before 10.1.4. The issue arises from mishandling the Tab key during XFA form interactions, leading to information disclosure or an application crash. Reported across multiple sources (NVD, Red Hat, CVE catalogs, and regional bulletins) with impac...
CVE-2020-26534
CVE-2020-26534 affects Foxit Reader and PhantomPDF (pre-10.1). The issue is a use-after-free in an Opt object related to Field::ClearItems and Field::DeleteOptions during AcroForm JavaScript execution. Connected sources describe a resource management/use-after-free vulnerability that could crash ...