Lucene search
K
FoxitsoftwarePhantompdf

549 matches found

CVE
CVE
added 2018/07/31 8:0 p.m.50 views

CVE-2018-14273

CVE-2018-14273 affects Foxit Reader (and related Foxit products) with a type confusion in the removeTemplate method that enables remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The flaw allows code execution in the context of ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.50 views

CVE-2018-14284

Foxit Reader CVE-2018-14284 affects Foxit Reader 9.0.1.1049 and is rooted in the newDoc function: the code fails to verify the existence of an object before operating on it, enabling remote code execution with user interaction. The vulnerability has been discussed in multiple advisories (ZDI-18-7...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.50 views

CVE-2018-17627

Foxit Reader/PhantomPDF for Windows (Foxit Reader 9.2.0.9297 and earlier) contains a vulnerability in the XFA mouseUp handling that can trigger a use-after-free, allowing remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). Affecte...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.50 views

CVE-2018-17630

Foxit Reader openPlayer Use-After-Free remote Code Execution (CVE-2018-17630) affects Foxit Reader and related components. The root cause is failure to validate the existence of an object before performing operations in the openPlayer method, enabling an attacker to execute code in the process co...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.50 views

CVE-2018-17631

CVE-2018-17631 affects Foxit Reader 9.2.0.9297 and relates to a memory misreference in the removeInstance handling. The root cause is a lack of validation for an object’s existence before performing operations, which can enable remote code execution. Exploitation requires user interaction (e.g., ...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.50 views

CVE-2018-17634

CVE-2018-17634 affects Foxit Reader 9.2.0.9297 and earlier; the vulnerability is a use-after-free in the attachIcon handling of Annotation objects, caused by not validating the existence of an object before operations. Remote code execution is possible with user interaction (visit a malicious pag...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.50 views

CVE-2018-17635

Foxit Reader (Windows) vulnerability CVE-2018-17635 affects version 9.2.0.9297 and earlier. The flaw is in XFA object handling (desc property): the code fails to validate an object before performing operations, enabling remote code execution via a malicious file or page. User interaction is requi...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.50 views

CVE-2018-17655

CVE-2018-17655 affects Foxit Reader (Windows) 9.2.0.9297 and earlier, with multiple sources confirming a moveInstance handling flaw in Form objects. The root cause is the failure to validate object existence before performing operations, enabling remote code execution. Attack requires user intera...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.50 views

CVE-2018-17660

CVE-2018-17660 affects Foxit Reader 9.2.0.9297 on Windows. The flaw resides in the resetData method of a Host object, failing to validate the existence of an object before performing operations, which can allow an attacker to execute arbitrary code in the current process. The vulnerability requir...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.50 views

CVE-2018-17665

Foxit Reader 9.2.0.9297 is affected by CVE-2018-17665. The vulnerability arises from improper handling of the currentPage property of a Host object, due to a missing validation of the object’s existence before performing operations. This can allow a remote attacker to execute arbitrary code in th...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.50 views

CVE-2018-17690

The CVE-2018-17690 vulnerability affects Foxit PhantomPDF (Windows) 9.2.0.9297 and earlier, where the rect property handling of a Link object can lead to remote code execution. The flaw stems from not validating the existence of an object before performing operations, enabling an attacker to exec...

8.8CVSS8.8AI score0.03855EPSS
CVE
CVE
added 2018/10/29 10:0 p.m.50 views

CVE-2018-17706

Summary: CVE-2018-17706 affects Foxit PhantomPDF/Phantom PDF 9.1.5096 and related versions. The issue is an out-of-bounds memory access in fxhtml2pdf caused by insufficient validation of user-supplied data during HTML conversion, enabling remote code execution. Exploitation requires user interact...

8.8CVSS7.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.50 views

CVE-2018-9949

CVE-2018-9949 affects Foxit Reader 9.0.0.29935. The issue is a TIFF parsing heap-based buffer overflow caused by insufficient validation of user-supplied data length, allowing remote code execution with the current process context. Exploitation requires user interaction (visiting a malicious page...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.50 views

CVE-2018-9953

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9953. The vulnerability lies in the XFA resolveNodes method of Button elements, where code executes without validating the existence of an object before performing operations. This allows remote code execution with the current process context and re...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.50 views

CVE-2018-9961

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9961. The vulnerability stems from the parsing of the Field rect attribute, due to not validating the existence of an object before performing operations, enabling remote code execution in the current process when a user opens a malicious file or vi...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2021/03/30 2:35 p.m.50 views

CVE-2021-27263

The CVE-2021-27263 entry describes an out-of-bounds read in Foxit PhantomPDF 10.1.0.37527 related to U3D object handling in PDFs. The flaw arises from insufficient validation of user-supplied data, enabling a read past the end of an allocated object and potential information disclosure. Exploitat...

4.3CVSS3.8AI score0.02899EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.50 views

CVE-2021-31442

Foxit Reader 10.1.1.37576 is affected by CVE-2021-31442. The vulnerability stems from improper validation in the handling of U3D objects within PDF files, causing a write past the end of an allocated data structure. This allows remote code execution with the attacker’s code running in the context...

7.8CVSS7.8AI score0.02819EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.49 views

CVE-2018-10477

Foxit Reader 9.0.0.29935 is affected by CVE-2018-10477 due to a parsing flaw in U3D Chain Index objects. The issue allows remote code execution via a malicious page or file, requiring user interaction, and is due to improper validation that can cause a write past the end of an allocated object. T...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.49 views

CVE-2018-10478

Foxit Reader 9.0.0.29935 is affected by an information-disclosure vulnerability in the parsing of U3D Texture Coord Dimensions objects. The flaw stems from insufficient validation of user-supplied data, which can cause a read past the end of an allocated object. Exploitation requires user interac...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.49 views

CVE-2018-10485

CVE-2018-10485 affects Foxit Reader 9.0.0.29935. The vulnerability is an out-of-bounds read in the U3D Texture Height structures caused by insufficient validation of user-supplied data, allowing a remote attacker to disclose sensitive information. Exploitation requires user interaction (visiting ...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/09/28 9:0 a.m.49 views

CVE-2018-17607

CVE-2018-17607 affects Foxit PhantomPDF and Foxit Reader prior to version 9.3. The vulnerability is a use-after-free caused by mishandling the properties of Annotation objects, affecting up to five distinct Annotation types. It enables remote code execution or denial of service when exploited. CV...

9.8CVSS9.3AI score0.03176EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.49 views

CVE-2018-17637

Foxit Reader (Windows) vulnerable: Foxit Reader 9.2.0.9297 and earlier exposes a flaw in loadXML handling within the XFA object, where the code fails to validate the existence of an object before performing operations. This results in a use-after-free/memory misreference type condition that can a...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.49 views

CVE-2018-17641

Foxit Reader (Windows) 9.2.0.9297 and earlier is affected by CVE-2018-17641 due to a use-after-free in TimeField.deleteItem, caused by not validating object existence. This allows remote code execution with user interaction (visiting a malicious page or opening a malformed file). Some sources als...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.49 views

CVE-2018-17646

Foxit Reader 9.2.0.9297 on Windows is affected by CVE-2018-17646. The vulnerability arises in the TimeField fillColor handling, due to a lack of validating the existence of an object before performing operations. This can allow remote attackers to execute arbitrary code in the context of the curr...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.49 views

CVE-2018-17670

CVE-2018-17670 affects Foxit Reader up to version 9.2.0.9297 where the XFA object content handling allows remote code execution. The vulnerability arises from failing to validate the existence of an object before performing operations on it, enabling an attacker to execute code in the current pro...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.49 views

CVE-2018-17697

Foxit Reader 9.2.0.9297 and earlier are affected by a templates handling vulnerability where code executes due to a missing object existence check, enabling remote code execution after user opens a malicious page/file. Exploitation requires user interaction; advisory ZDI-18-1215 describes a use-a...

8.8CVSS7.8AI score0.03855EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.49 views

CVE-2018-17699

The CVE-2018-17699 issue affects Foxit Reader 9.2.0.9297 and earlier on Windows, where the PDF processing path fails to validate user-supplied data, causing an out-of-bounds read (read past the end of an allocated buffer). This enables remote information disclosure and, when combined with other v...

6.5CVSS6.2AI score0.04088EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.49 views

CVE-2018-9966

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9966 due to a vulnerability in TextBox Calculate handling. The flaw stems from not validating the existence of an object before performing operations, leading to a remote code execution in the context of the current process after user interaction (e...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.49 views

CVE-2018-9972

This CVE (CVE-2018-9972) affects Foxit Reader 9.0.1.1049. The vulnerability stems from ConvertToPDF_x86.dll where improper validation of user-supplied data can cause a read past the end of an allocated object. This can lead to information disclosure and, in combination with other vulnerabilities,...

6.5CVSS6.5AI score0.02894EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.49 views

CVE-2018-9974

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9974. The issue lies in ConvertToPDF_x86.dll where improper validation of the length of user-supplied data to a heap-based buffer allows remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious ...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.49 views

CVE-2018-9978

Foxit Reader 9.0.0.29935 is affected by an information-disclosure vulnerability in the U3D parsing code. The issue is an out-of-bounds read caused by improper validation of user-supplied data, enabling remote disclosure when a user visits a malicious page or opens a malicious file. The vulnerabil...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2020/06/04 3:47 p.m.49 views

CVE-2019-20819

CVE-2019-20819 affects Foxit Reader and PhantomPDF versions before 9.7. The vulnerability arises from nested function calls during XML parsing, causing stack exhaustion and potentially crashing the application. Remediation: upgrade to Foxit Reader/PhantomPDF 9.7 or newer. Other sources reiterate ...

7.5CVSS7.5AI score0.0153EPSS
CVE
CVE
added 2020/06/04 2:40 p.m.49 views

CVE-2020-13805

The CVE-2020-13805 entry concerns Foxit Reader and PhantomPDF prior to 9.7.2 where the CAS login service does not limit login failures, enabling brute-force attack attempts. Concrete details across connected sources confirm the affected products (Foxit Reader/PhantomPDF) and the root cause (unlim...

9.8CVSS9.3AI score0.01512EPSS
CVE
CVE
added 2020/10/02 8:2 a.m.49 views

CVE-2020-26534

CVE-2020-26534 affects Foxit Reader and PhantomPDF (pre-10.1). The issue is a use-after-free in an Opt object related to Field::ClearItems and Field::DeleteOptions during AcroForm JavaScript execution. Connected sources describe a resource management/use-after-free vulnerability that could crash ...

9.8CVSS9.4AI score0.02394EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.48 views

CVE-2018-14249

CVE-2018-14249 is a type-confusion remote code execution in Foxit Reader’s exportDataObject method. Affected product: Foxit Reader (9.0.1.1049) with exploitation requiring user interaction (malicious page or file) via JavaScript to trigger the flaw. Documents also reference a broader set of relat...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.48 views

CVE-2018-14315

CVE-2018-14315 affects Foxit Reader versions older than 9.2.0.9097, where the vulnerability lies in how annotations are handled. The flaw is due to not validating the existence of an object before performing operations, enabling remote code execution in the context of the current process when a u...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/10/29 10:0 p.m.48 views

CVE-2018-17618

Foxit Reader 9.0.1.5096 is affected by a selection-change handling vulnerability that allows remote code execution. The flaw arises from not validating the existence of an object before performing operations on it, enabling an attacker to execute code in the current process when a user visits a m...

8.8CVSS7.8AI score0.03279EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.48 views

CVE-2018-17648

Foxit Reader (Windows) vulnerability CVE-2018-17648 affects Foxit Reader 9.2.0.9297 and enables remote code execution via the TimeField rotate property after an object existence check fails. Attack requires user interaction (visit a malicious page or open a malicious file). Connected sources (e.g...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.48 views

CVE-2018-17649

CVE-2018-17649 affects Foxit Reader 9.2.0.9297 and earlier. The vulnerability arises from handling of the TimeField setAttribute method, due to lack of validating the existence of an object before performing operations. This can allow remote code execution in the context of the current process wh...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.48 views

CVE-2018-17674

Foxit Reader 9.2.0.9297 (and older) is affected by CVE-2018-17674. The issue is a memory misreference/use-after-free in the handling of the name property of Annotation objects, arising from not validating the existence of an object before operations. Exploitation requires user interaction (target...

8.8CVSS7.8AI score0.03314EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.48 views

CVE-2018-17677

Foxit Reader 9.2.0.9297 is affected by CVE-2018-17677 due to a flaw in the mailDoc handling of the app object. The vulnerability stems from not validating the existence of an object before performing operations, leading to use-after-free and remote code execution. Exploitation requires user inter...

8.8CVSS7.8AI score0.03314EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.48 views

CVE-2018-17702

This entry details a Windows vulnerability in Foxit Reader 9.2.0.9297 (and earlier) where the RichValue handling of button objects allows remote code execution. The flaw arises from not validating the existence of an object before performing operations on it, enabling an attacker to execute code ...

8.8CVSS7.8AI score0.03855EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.48 views

CVE-2018-17705

CVE-2018-17705 affects Foxit Reader 9.2.0.9297 and earlier. The vulnerability arises from the handling of the display property of CheckBox objects, due to not validating the existence of an object before performing operations, enabling remote code execution via a malicious page or file with user ...

8.8CVSS7.8AI score0.03855EPSS
CVE
CVE
added 2018/05/24 9:0 p.m.48 views

CVE-2018-5676

Foxit PhantomPDF/Reader vuln CVE-2018-5676: affected if app is before 9.1; parsing of PDF with embedded u3d images can overflow a heap-based buffer, enabling arbitrary code execution. Requires user interaction (open malicious PDF/page or visit malicious page). Impact described as code execution u...

8.8CVSS8.8AI score0.03371EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.48 views

CVE-2018-9939

Foxit Reader 9.0.0.29935 is affected by a Type Confusion in the XFA layout handling that could allow remote code execution. The flaw arises from improper validation of user-supplied data, enabling an attacker to run code in the current process context after the target views a malicious page or fi...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.48 views

CVE-2018-9946

Foxit Reader 9.0.0.29935 is affected by CVE-2018-9946 due to a setTimeOut handling flaw where code executes without validating the existence of an object before operations. This can disclose sensitive information; exploitation requires user interaction (visit a malicious page or open a malicious ...

6.5CVSS6.5AI score0.03EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.48 views

CVE-2018-9956

Foxit Reader 9.0.1.1049 is affected by a remote code execution vulnerability in the XFA Button handling. The flaw occurs when setting the title attribute; the code path does not validate the existence of an object before performing operations, enabling an attacker to execute code in the process c...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.48 views

CVE-2018-9960

CVE-2018-9960 affects Foxit Reader 9.0.1.1049. The vulnerability stems from the parsing of the textColor Field attribute where the code fails to validate the existence of an object before performing operations, allowing remote code execution under the current process. Exploitation requires user i...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2020/06/04 3:48 p.m.48 views

CVE-2019-20820

CVE-2019-20820 affects Foxit Reader and Foxit PhantomPDF prior to version 9.7. The issue is a NULL pointer dereference during parsing of file data, which can lead to a crash/denial of service as described across multiple sources. Affected component: PDF file data parsing within Foxit’s reader/pdf...

7.5CVSS7.5AI score0.01544EPSS
CVE
CVE
added 2020/06/04 4:53 p.m.48 views

CVE-2019-20829

Foxit Reader and PhantomPDF are affected by CVE-2019-20829 due to a NULL pointer dereference in FXSYS_wcslen while processing EPUB files, impacting versions before 9.6. This can cause the application to crash. Remediation: upgrade to Foxit 9.6 or later (as indicated by multiple connected sources).

7.5CVSS7.4AI score0.01544EPSS
Total number of security vulnerabilities549