28 matches found
CVE-2021-34832
Foxit PDF Reader (Windows/macOS) ≤11.0.0.49893 is affected by a remote code execution vulnerability in the handling of the delay property, caused by not validating the existence of an object before operating on it. This allowed remote attackers to run arbitrary code after convincing a user to ope...
CVE-2021-34843
CVE-2021-34843 affects Foxit PDF Reader 11.0.0.49893. The flaw is in how Annotation objects are handled: the code fails to validate the existence of an object before operating on it, enabling a remote attacker to execute arbitrary code in the process context after user interaction (visiting a mal...
CVE-2021-34849
The CVE-2021-34849 entry affects Foxit PDF Reader 11.0.0.49893. The flaw is in the handling of Annotation objects, resulting from not validating the existence of an object before performing operations, which can allow a remote attacker to execute code in the current process. Exploitation requires...
CVE-2021-34835
CVE-2021-34835 affects Foxit PDF Reader (11.0.0.49893). The flaw lies in handling of Annotation objects where the software does not validate the existence of an object before performing operations, enabling a remote attacker to execute code in the context of the current process. Exploitation requ...
CVE-2021-34846
Foxit PDF Reader 11.0.0.49893 is affected by CVE-2021-34846 due to improper validation of object existence when handling Annotation objects. The flaw allows remote code execution in the current process after user visits a malicious page or opens a malicious file, with user interaction required. I...
CVE-2021-34852
Foxit PDF Reader (11.0.0.49893) is affected by a remote code execution vulnerability in the handling of Annotation objects. The flaw arises from not validating the existence of an object before performing operations, enabling an attacker to run code in the context of the target process after conv...
CVE-2021-34837
CVE-2021-34837 affects Foxit PDF Reader 11.0.0.49893/Foxit PhantomPDF family. The issue is a use of unvalidated object handling in Annotation objects, where the absence of validating an object before operations can allow remote code execution in the current process after a user opens a malicious ...
CVE-2021-34838
CVE-2021-34838 affects Foxit PDF Reader/Editor (e.g., 11.0.0.49893). The flaw is in how the application handles Annotation objects, arising from not validating the existence of an object before performing operations, allowing arbitrary code execution in the current process. User interaction is re...
CVE-2021-34851
The CVE-2021-34851 entry affects Foxit PDF Reader 11.0.0.49893, with a vulnerability in handling of Annotation objects caused by not validating object existence before operations, allowing remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malici...
CVE-2021-34833
Foxit PDF Reader/PhantomPDF 11.0.0.49893 is affected by CVE-2021-34833 due to a use-after-validation flaw in handling Annotation objects. The vulnerability results from not validating the existence of an object before performing operations, enabling remote code execution in the current process. U...
CVE-2021-34834
CVE-2021-34834 affects Foxit PDF Reader (11.0.0.49893) and related Foxit products. The root cause is lack of validation for the existence of an Annotation object before performing operations, enabling remote code execution when a user opens a malicious file/page and the attacker can execute code ...
CVE-2021-34839
FOXIT PDF Reader 11.0.0.49893 contains a vulnerability in the handling of Annotation objects where the existence of an object is not validated before operations, enabling remote code execution when a user opens a malicious document or visits a malicious page. The issue requires user interaction a...
CVE-2021-34841
Foxit CVE-2021-34841 affects Foxit PDF Reader 11.0.0.49893. The flaw is in handling of Annotation objects where the existence of an object is not validated before operations, enabling remote code execution in the current process. User interaction is required (visiting a malicious page or opening ...
CVE-2021-34842
CVE-2021-34842 affects Foxit PDF Reader 11.0.0.49893. The vulnerability stems from improper handling of Annotation objects: the software fails to validate the existence of an object before performing operations, enabling an attacker to execute arbitrary code in the current process. Exploitation r...
CVE-2021-34840
Foxit PDF Reader 11.0.0.49893 is affected by CVE-2021-34840 due to a flaw in handling Annotation objects where the existence of an object isn’t validated before operations. This permits arbitrary code execution in the context of the current process when a user opens a malicious file/page or visit...
CVE-2021-34844
CVE-2021-34844 affects Foxit PDF Reader (11.0.0.49893) and Foxit PhantomPDF/Reader variants where the vulnerability resides in Annotation object handling. The flaw stems from failing to validate the existence of an object before performing operations, enabling remote code execution in the current...
CVE-2021-34850
The CVE-2021-34850 entry affects Foxit PDF Reader/Editor (e.g., Foxit PDF Reader 11.0.0.49893) with a remote code execution flaw in Annotation handling. The root cause is failure to validate the existence of an object before operating on it, enabling an attacker to run code in the current process...
CVE-2021-34845
CVE-2021-34845 affects Foxit PDF Reader 11.0.0.49893. The bug lies in handling Annotation objects, caused by not validating the existence of an object before performing operations, enabling remote code execution in the context of the current process. Exploitation requires user interaction (visiti...
CVE-2021-34847
CVE-2021-34847 affects Foxit PDF Reader (11.0.0.49893). The flaw is in handling Annotation objects: the code fails to validate the existence of an object before operating on it, enabling remote code execution in the current process. Exploitation requires user interaction (visiting a malicious pag...
CVE-2021-34836
CVE-2021-34836 affects Foxit PDF Reader 11.0.0.49893. The flaw is in the handling of Annotation objects where the software fails to validate the existence of an object before performing operations, enabling remote code execution. Exploitation requires the user to visit a malicious page or open a ...
CVE-2021-34853
CVE-2021-34853 affects Foxit PDF Reader 11.0.0.49893. The flaw lies in the handling of Annotation objects, specifically the lack of validating the existence of an object before performing operations, enabling remote code execution in the context of the current process. Exploitation requires user ...
CVE-2021-34848
CVE-2021-34848 affects Foxit PDF Reader 11.0.0.49893. The flaw is in the handling of Annotation objects, caused by not validating the existence of an object before performing operations. This enables a remote attacker to execute arbitrary code in the context of the current process. Exploitation r...
CVE-2021-38566
CVE-2021-38566 affects Foxit PDF Reader prior to 11.0.1 and Foxit PDF Editor prior to 11.0.1. The issue is a stack consumption vulnerability during recursive processing of embedded XML nodes. CVSS metrics indicate a Network vector, Low attack complexity, no privileges, and a HIGH impact on availa...
CVE-2021-34831
CVE-2021-34831 affects Foxit Reader 10.1.4.37651 (and related Foxit PDF tooling) with remote code execution via improper handling of Document objects. The flaw arises from not validating the existence of an object before performing operations, allowing an attacker to execute code in the context o...
CVE-2021-38564
CVE-2021-38564 affects Foxit PDF Reader before 11.0.1 and Foxit PDF Editor before 11.0.1. The issue is an out-of-bounds read via util.scand/scand, disclosed across multiple sources. Root cause is improper handling leading to an out-of-bounds read, with impact described as partial confidentiality ...
CVE-2021-38563
Foxit PDF Reader and Foxit PDF Editor are affected by CVE-2021-38563 (pre-11.0.1). The issue arises when an array size derived from a /Size entry is smaller than the maximum indirect object number, causing an incorrect array access that can dereference NULL or read/write out of bounds. Impact can...
CVE-2021-38565
The CVE-2021-38565 entry concerns Foxit PDF Reader before 11.0.1 and Foxit PDF Editor before 11.0.1. The vulnerability allows writing to arbitrary files via the submitForm function, indicating an arbitrary file write flaw in these products. Connected sources consistently identify the affected sof...
CVE-2021-38567
CVE-2021-38567 affects Foxit PDF Editor and Foxit PDF Reader prior to 11.0.1 on macOS. The root cause is mishandling of missing dictionary entries, leading to a NULL pointer dereference. Reported across multiple sources, including PT-2021-22216, the vulnerability results in an unrecoverable crash...