549 matches found
CVE-2021-31476
CVE-2021-31476 affects Foxit PhantomPDF 10.1.3.37598. The flaw is in the handling of XFA templates and stems from a lack of input validation, leading to a type confusion condition. This can allow remote attackers to execute arbitrary code in the context of the target process, with user interactio...
CVE-2019-17139
Foxit PhantomPDF 9.5.0.20723 is affected by CVE-2019-17139 due to an out-of-bounds write in the HTML2PDF plugin while processing JavaScript. The flaw arises from insufficient validation of user-supplied data, enabling remote code execution in the context of the current process. Exploitation requi...
CVE-2019-13320
Foxit Reader 9.5.0.20723 is affected by a vulnerability in AcroForms where the code fails to verify object existence before operations, enabling remote code execution via a malicious page or file with user interaction. Multiple connected sources (ZDI-19-637, CNVD-2019-22460, RH-CVE-2019-13320, NVD/NVD...
CVE-2019-17141
Foxit PhantomPDF 9.6.0.25114 is affected by CVE-2019-17141. The vulnerability exists in the text field Calculate action where code execution is possible due to a missing validation of object existence before operations, allowing remote attackers to run code in the current process. The issue requi...
CVE-2019-13319
Foxit Reader 9.5.0.20723 (and earlier) is affected by CVE-2019-13319 due to an XFA form processing flaw where the code fails to validate object existence before operations, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious fil...
CVE-2019-13318
CVE-2019-13318 affects Foxit Reader 9.5.0.20723. The issue stems from the processing of the util.printf JavaScript method: the application mishandles the %p format parameter, allowing disclosure of heap addresses to the script. This information disclosure can be leveraged in conjunction with othe...
CVE-2019-17143
CVE-2019-17143 affects Foxit PhantomPDF 9.6.0.25114. The root cause is a flaw in DWG file parsing where the code does not verify an object’s existence before operations, enabling information disclosure. Some sources note this could be combined with other vulnerabilities to achieve code execution ...
CVE-2019-17144
CVE-2019-17144 affects Foxit PhantomPDF 9.6.0.25114. The flaw is in DWG-to-PDF conversion due to improper validation, causing an out-of-bounds write that can let an attacker execute code in the target process. Exploitation requires user interaction (visiting a malicious page or opening a maliciou...
CVE-2019-17140
CVE-2019-17140 affects Foxit PhantomPDF 9.6.0.25114. The issue is a design/logic flaw in the OnFocus handling where code fails to validate the existence of an object before performing operations, enabling a remote attacker to execute arbitrary code in the context of the current process after the ...
CVE-2019-13316
Foxit PhantomPDF 9.5.0.20723 is affected by CVE-2019-13316. The flaw lies in the handling of Calculate actions where the code fails to validate the existence of an object before performing operations, enabling remote code execution in the context of the current process. Exploitation requires user...
CVE-2019-13317
CVE-2019-13317 affects Foxit PhantomPDF 9.5.0.20723 and earlier, with the root cause in the Calculate actions handling: the code performs operations on an object without first validating its existence. This leads to remote code execution in the context of the curren...
CVE-2019-6776
Foxit PhantomPDF 9.5.0.20723 and earlier are affected by a removeField/AcroForms watermark handling flaw. The vulnerability stems from not validating the existence of an object before performing operations, enabling remote code execution when a user opens a malicious page or file. Multiple connec...
CVE-2019-17135
Foxit PhantomPDF 9.5.0.20723 is affected by CVE-2019-17135. The issue lies in DXF file parsing where insufficient validation leads to a memory corruption condition. This remote code execution vulnerability requires user interaction (target must open a malicious page or file) and can allow code ex...
CVE-2019-17136
Foxit PhantomPDF 9.5.0.20723 is affected by a DXF-to-PDF parsing vulnerability. The flaw causes a read past the end of an allocated structure during DXF file conversion, allowing remote code execution in the attacker's context. Exploitation requires user interaction (visiting a malicious page or ...
CVE-2019-17145
CVE-2019-17145 affects Foxit PhantomPDF 9.6.0.25114, with a vulnerability in the DXF-to-PDF conversion. The flaw is caused by insufficient validation of the length of user-supplied data before copying to a fixed-length stack-based buffer, enabling remote code execution in the context of the curre...
CVE-2019-6774
CVE-2019-6774 affects Foxit Reader 9.4.1.16828. The flaw is in deleteItemAt when processing AcroForms, caused by not validating the existence of an object before performing operations. This can allow remote code execution in the context of the current process with user interaction required (visit...
CVE-2019-6775
Foxit Reader (9.5.0.20723) is affected by CVE-2019-6775. The vulnerability resides in the AcroForm exportValues path, caused by failing to verify the existence of an object before performing operations on it, enabling remote code execution in the current process. Exploitation requires user intera...
CVE-2019-13315
Foxit Reader (9.5.0.20723) is affected by CVE-2019-13315 due to a flaw in removeField where code executes without validating the target object’s existence. This leads to remote arbitrary code execution when a user opens a malicious file or visits a crafted page, with user interaction required. Th...
CVE-2019-17142
Foxit PhantomPDF 9.6.0.25114 is affected by CVE-2019-17142. The vulnerability is a remote code execution flaw caused by processing of a script within a Keystroke action of a listbox field, arising from not validating the existence of an object before operating on it. Exploitation requires user in...
CVE-2019-14213
CVE-2019-14213 affects Foxit PhantomPDF before 8.3.11. The issue is a crash caused by repeated release of the signature dictionary during CSG_SignatureF and CPDF_Document destruction. Impact is a crash/DoS vector as described in multiple sources. Remediation: upgrade to version 8.3.11 or later wh...
CVE-2019-13333
CVE-2019-13333 affects Foxit PhantomPDF 9.5.0.20723. The vulnerability lies in the DXF-to-PDF conversion where insufficient validation can cause a write past the end of an allocated structure, enabling remote code execution when a user visits a crafted page/file. Exploitation context in the docum...
CVE-2019-13334
CVE-2019-13334 affects Foxit PhantomPDF 9.5.0.20723. The vulnerability is in the DXF-to-PDF conversion code and stems from improper validation of user-supplied data, causing a write past the end of an allocated structure and enabling memory corruption. This can lead to remote code execution in th...
CVE-2019-14207
CVE-2019-14207 affects Foxit PhantomPDF prior to 8.3.11. The issue is a crash caused by an infinite loop in the clone function, arising from confused relationships between a child and parent object due to an append error. This results in a denial-of-service-like crash when cloning objects. The vu...
CVE-2019-14211
CVE-2019-14211 affects Foxit PhantomPDF before 8.3.11. The issue is a crash caused by lack of proper validation for the existence of an object before performing operations on it during JavaScript execution. The impact stated is application crash (availability) with exploitation tied to JavaScript...
CVE-2019-14208
CVE-2019-14208 affects Foxit PhantomPDF prior to 8.3.10. The issue is a NULL pointer dereference that can crash the application when extracting a PDF object from a document or when parsing a portfolio containing a null dictionary. This vulnerability is documented across multiple sources (NVD/NVD-...
CVE-2019-14215
The vulnerability CVE-2019-14215 affects Foxit PhantomPDF before 8.3.11, where calling xfa.event.rest in XFA JavaScript can crash the application due to accessing a wild pointer. Affected component: PhantomPDF’s XFA/JavaScript handling. Impact stated as crash (partial availability impact per CVSS...
CVE-2021-31461
Foxit Reader 10.1.1.37576 is affected by a type-confusion vulnerability in the handling of app.media objects. The flaw stems from insufficient validation of user-supplied data, enabling remote attackers to execute arbitrary code in the target process after the user visits a malicious page or open...
CVE-2019-14210
CVE-2019-14210 affects Foxit PhantomPDF before 8.3.10. The issue is a memory corruption vulnerability caused by an invalid pointer copy from a destructed string object, as described in multiple sources. Affected component is Foxit PhantomPDF (Windows), with the underlying cause being improper han...
CVE-2019-14212
CVE-2019-14212 affects Foxit PhantomPDF before 8.3.11. The issue is a NULL pointer dereference when executing certain XFA JavaScript, arising from inadequate validation of an object, which can cause the application to crash. Impact in the associated records is limited to crashes; exploitation det...
CVE-2019-14214
Foxit PhantomPDF
CVE-2019-14209
Foxit PhantomPDF before 8.3.10 is affected by CVE-2019-14209, which causes heap corruption due to data desynchrony when adding an AcroForm. The issue is described as a heap corruption vulnerability impacting the product, with the CVSS v3.0 vector indicating network access, no user interaction, and hig...
CVE-2020-8847
Foxit Reader 9.7.0.29455 is affected by CVE-2020-8847 due to a JPEG2000 parsing flaw that allows out-of-bounds writes in a component handling JPEG2000 data. The issue enables remote code execution and requires user interaction (visiting a malicious page or opening a malicious file). The root caus...
CVE-2020-8857
CVE-2020-8857 affects Foxit Reader 9.7.0.29455 (and related versions in some records) where the flaw resides in parsing of form Annotation objects within AcroForms. The root cause is failure to validate the existence of an object before performing operations on it, leading to remote code executio...
CVE-2018-9958
Foxit Reader 9.0.1.1049 is affected by CVE-2018-9958, a use-after-free in Text Annotations handling that can lead to remote code execution. The flaw occurs when setting the point attribute of an annotation object without validating existence, allowing an attacker to run code in the victim pro...
CVE-2020-8849
Foxit Reader 9.7.0.29455 (and related versions) is affected by a JPEG2000 file parsing vulnerability that can lead to remote code execution. The flaw arises from improper validation of user-supplied data, causing a write past the end of an allocated structure in JPEG2000 processing. Exploitation ...
CVE-2020-8845
Foxit PhantomPDF 9.6.0.25114 is affected by a remote code execution vulnerability in the AcroForms watermark handling. The flaw stems from not validating the existence of an object before performing operations on it, enabling an attacker to run code in the process context after user interaction (...
CVE-2020-8852
CVE-2020-8852 affects Foxit Reader 9.7.0.29455 (and related records) with an out-of-bounds read in JPEG2000 file processing that can disclose sensitive information. Root cause: insufficient validation of user-supplied data leading to a read past the end of an allocated buffer. Attack requires use...
CVE-2020-8851
Foxit Reader 9.7.0.29455 is affected by a JPEG2000 processing vulnerability that allows remote code execution via out-of-bounds write due to insufficient validation of data, requiring user interaction (visiting a malicious page or opening a malicious file). The issue (CVE-2020-8851) is documented...
CVE-2020-8853
Foxit PhantomPDF 9.7.0.29478 is vulnerable to an HTML2PDF conversion out-of-bounds write that can allow remote code execution. The flaw arises from insufficient validation of user-supplied data during HTML-to-PDF conversion, enabling a write past the end of an allocated structure. Exploitation req...
CVE-2020-8856
CVE-2020-8856 (Foxit PhantomPDF) affects Foxit PhantomPDF 9.6.0.25608 and possibly earlier builds, with a flaw in the handling of watermarks. The root cause is the failure to validate the existence of an object before performing operations on it, enabling an attacker to execute arbitrary code in ...
CVE-2020-8850
Foxit Reader is affected by a JPEG2000 parsing vulnerability (CVE-2020-8850) in versions around 9.7.0.29455 and earlier. The flaw stems from insufficient validation of user-supplied data during JPEG2000 processing, causing a write past the end of an allocated structure and enabling remote code ex...
CVE-2020-8844
Summary of CVE-2020-8844 (Foxit Reader): The vulnerability affects Foxit Reader 9.6.0.25114, arising from improper validation in the JPEG parsing path used by ConvertToPDF. The flaw is an integer overflow caused by processing user-supplied data, which can lead to arbitrary code execution in the ...
CVE-2021-31473
CVE-2021-31473 describes a remote code execution in Foxit Reader 10.1.3.37598. The issue, tied to the browseForDoc function, arises from improper validation of user-supplied data that can cause a write past the end of an allocated data structure. This allows an attacker to execute code in the tar...
CVE-2020-8848
Foxit Reader 9.7.0.29455 is affected by a JPEG2000 parsing vulnerability: a lack of input validation leads to an out-of-bounds write in processing JPEG2000 data, allowing remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The iss...
CVE-2020-8854
Foxit PhantomPDF is vulnerable to a JPEG-to-PDF conversion out-of-bounds write that can lead to remote code execution. Affected product: Foxit PhantomPDF 9.7.0.29478 (and earlier per CNVD), with the flaw caused by improper validation of user-supplied data during JPEG-to-PDF conversion, resulting ...
CVE-2020-8855
Foxit PhantomPDF 9.7.0.2947 (and earlier versions) is affected by a use-after-free in fxhtml2pdf.exe that hinges on failing to validate the existence of an object before operations, enabling remote code execution when a user visits a crafted page or opens a malicious file. The issue allows code e...
CVE-2019-5131
Foxit PDF Reader (Foxit Reader) is affected by a use-after-free vulnerability in the JavaScript engine for version 9.7.0.29435 (and possibly earlier per advisories). A specially crafted PDF can trigger reuse of a previously freed object, enabling arbitrary code execution. Exploitation requires th...
CVE-2020-8846
CVE-2020-8846 affects Foxit PhantomPDF 9.6.0.25114 (and related) via a flaw in how text field objects are handled. The issue stems from not validating the existence of an object before performing operations, enabling an attacker to trigger remote code execution. Some records describe it as a use‑...
CVE-2019-5130
CVE-2019-5130 is a use-after-free vulnerability in Foxit PDF Reader (JavaScript engine). Multiple connected sources (Talos: Foxit PDF Reader 9.7.0.29435; Red Hat/NVD: same code path) describe that a crafted PDF can trigger a freed object to be reused, enabling arbitrary code execution. The vulner...
CVE-2020-35931
Foxit PDF products are affected by CVE-2020-35931: Foxit Reader before 10.1.1 and PhantomPDF before 9.7.5, and 10.x before 10.1.1 (also macOS 4.1.x) are vulnerable to an Evil Annotation Attack that can spoof certified PDFs by not handling a null Subtype in the Annotation dictionary during increme...