Foxit Reader@* Security Vulnerabilities and Issues — Page 3 of Foxit Reader@* CVE List

8.8CVSS7.9AI score0.23206EPSS

CVE-2018-14295

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists wit...

CVE-2018-14300

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the proces...

CVE-2018-14304

CVE-2018-14309

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVE•added 2019/01/03 11:29 p.m.•46 views

CVE-2019-5007

An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing.

7.1CVSS6.6AI score0.00141EPSS

CVE•added 2019/06/03 7:29 p.m.•46 views

CVE-2019-6752

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

5.5CVSS5.4AI score0.00128EPSS

CVE•added 2020/10/02 8:15 a.m.•46 views

CVE-2020-26538

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory.

7.8CVSS7.8AI score0.00012EPSS

CVE•added 2021/05/07 9:15 p.m.•46 views

CVE-2021-31441

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

7.8CVSS8.4AI score0.02166EPSS

CVE•added 2021/05/07 9:15 p.m.•46 views

CVE-2021-31454

7.8CVSS8.5AI score0.02166EPSS

CVE•added 2021/08/11 8:15 p.m.•46 views

CVE-2021-33793

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion.

9.8CVSS9.5AI score0.00027EPSS

CVE•added 2021/08/11 10:15 p.m.•46 views

CVE-2021-38571

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows DLL hijacking, aka CNVD-C-2021-68000 and CNVD-C-2021-68502.

7.8CVSS7.5AI score0.00032EPSS

CVE•added 2016/04/22 3:59 p.m.•45 views

CVE-2016-4059

Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document.

7.8CVSS7.8AI score0.01302EPSS

CVE•added 2016/04/22 3:59 p.m.•45 views

CVE-2016-4062

Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, which allows remote attackers to cause a denial of service (application hang) via a crafted PDF.

5.5CVSS6AI score0.00038EPSS

8.8CVSS8.8AI score0.00474EPSS

CVE-2018-10473

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

8.8CVSS8.8AI score0.00474EPSS

CVE-2018-10474

6.5CVSS6.5AI score0.00412EPSS

CVE-2018-10481

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

8.8CVSS8.8AI score0.00552EPSS

CVE-2018-11622

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToP...

CVE-2018-14267

CVE-2018-14268

CVE-2018-14287

8.8CVSS8.8AI score0.00345EPSS

CVE-2018-14293

CVE-2018-14302

CVE-2018-14311

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA e...

CVE-2018-9941

CVE-2018-9942

CVE•added 2020/10/13 5:15 p.m.•45 views

CVE-2020-17417

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

7.8CVSS7.8AI score0.03065EPSS

CVE•added 2020/10/02 8:15 a.m.•45 views

CVE-2020-26535

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation (and read access violation).

9.8CVSS8.7AI score0.00023EPSS

CVE•added 2016/04/22 3:59 p.m.•44 views

CVE-2016-4063

Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document.

7.8CVSS7.8AI score0.01544EPSS

CVE•added 2017/05/03 5:59 a.m.•44 views

CVE-2017-8454

Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.

8.8CVSS8.8AI score0.01208EPSS

6.5CVSS6.5AI score0.00412EPSS

CVE-2018-10482

6.5CVSS6.5AI score0.00223EPSS

CVE-2018-10493

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

6.5CVSS6.8AI score0.00201EPSS

CVE-2018-11621

8.8CVSS8.8AI score0.00298EPSS

CVE-2018-11623

CVE-2018-1178

CVE-2018-14250

8.8CVSS8.8AI score0.01087EPSS

CVE-2018-14280

8.8CVSS8.8AI score0.00482EPSS

CVE-2018-14290

CVE-2018-14299

CVE-2018-9954

CVE-2018-9965

CVE•added 2021/03/30 3:15 p.m.•44 views

CVE-2021-27271

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ha...

7.8CVSS7.8AI score0.04545EPSS

CVE•added 2011/06/24 8:55 p.m.•43 views

CVE-2011-1908

Integer overflow in the Type 1 font decoder in the FreeType engine in Foxit Reader before 4.0.0.0619 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font in a PDF document.

9.3CVSS8AI score0.00734EPSS

CVE•added 2011/09/27 7:55 p.m.•43 views

CVE-2011-3691

Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll, dwrite.dll, or msdrm.dll in the current working directory.

9.3CVSS6.7AI score0.07412EPSS

6.5CVSS6.5AI score0.00223EPSS

CVE-2018-10479

8.8CVSS8.8AI score0.00235EPSS

CVE-2018-10484

6.5CVSS6.5AI score0.00223EPSS

CVE-2018-10486