549 matches found
CVE-2018-14273
CVE-2018-14273 affects Foxit Reader (and related Foxit products) with a type confusion in the removeTemplate method that enables remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The flaw allows code execution in the context of ...
CVE-2018-14284
Foxit Reader CVE-2018-14284 affects Foxit Reader 9.0.1.1049 and is rooted in the newDoc function: the code fails to verify the existence of an object before operating on it, enabling remote code execution with user interaction. The vulnerability has been discussed in multiple advisories (ZDI-18-7...
CVE-2018-17627
Foxit Reader/PhantomPDF for Windows (Foxit Reader 9.2.0.9297 and earlier) contains a vulnerability in the XFA mouseUp handling that can trigger a use-after-free, allowing remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). Affecte...
CVE-2018-17630
Foxit Reader openPlayer Use-After-Free remote Code Execution (CVE-2018-17630) affects Foxit Reader and related components. The root cause is failure to validate the existence of an object before performing operations in the openPlayer method, enabling an attacker to execute code in the process co...
CVE-2018-17631
CVE-2018-17631 affects Foxit Reader 9.2.0.9297 and relates to a memory misreference in the removeInstance handling. The root cause is a lack of validation for an object’s existence before performing operations, which can enable remote code execution. Exploitation requires user interaction (e.g., ...
CVE-2018-17634
CVE-2018-17634 affects Foxit Reader 9.2.0.9297 and earlier; the vulnerability is a use-after-free in the attachIcon handling of Annotation objects, caused by not validating the existence of an object before operations. Remote code execution is possible with user interaction (visit a malicious pag...
CVE-2018-17635
Foxit Reader (Windows) vulnerability CVE-2018-17635 affects version 9.2.0.9297 and earlier. The flaw is in XFA object handling (desc property): the code fails to validate an object before performing operations, enabling remote code execution via a malicious file or page. User interaction is requi...
CVE-2018-17655
CVE-2018-17655 affects Foxit Reader (Windows) 9.2.0.9297 and earlier, with multiple sources confirming a moveInstance handling flaw in Form objects. The root cause is the failure to validate object existence before performing operations, enabling remote code execution. Attack requires user intera...
CVE-2018-17660
CVE-2018-17660 affects Foxit Reader 9.2.0.9297 on Windows. The flaw resides in the resetData method of a Host object, failing to validate the existence of an object before performing operations, which can allow an attacker to execute arbitrary code in the current process. The vulnerability requir...
CVE-2018-17665
Foxit Reader 9.2.0.9297 is affected by CVE-2018-17665. The vulnerability arises from improper handling of the currentPage property of a Host object, due to a missing validation of the object’s existence before performing operations. This can allow a remote attacker to execute arbitrary code in th...
CVE-2018-17690
The CVE-2018-17690 vulnerability affects Foxit PhantomPDF (Windows) 9.2.0.9297 and earlier, where the rect property handling of a Link object can lead to remote code execution. The flaw stems from not validating the existence of an object before performing operations, enabling an attacker to exec...
CVE-2018-17706
Summary: CVE-2018-17706 affects Foxit PhantomPDF/Phantom PDF 9.1.5096 and related versions. The issue is an out-of-bounds memory access in fxhtml2pdf caused by insufficient validation of user-supplied data during HTML conversion, enabling remote code execution. Exploitation requires user interact...
CVE-2018-9949
CVE-2018-9949 affects Foxit Reader 9.0.0.29935. The issue is a TIFF parsing heap-based buffer overflow caused by insufficient validation of user-supplied data length, allowing remote code execution with the current process context. Exploitation requires user interaction (visiting a malicious page...
CVE-2018-9953
Foxit Reader 9.0.1.1049 is affected by CVE-2018-9953. The vulnerability lies in the XFA resolveNodes method of Button elements, where code executes without validating the existence of an object before performing operations. This allows remote code execution with the current process context and re...
CVE-2018-9961
Foxit Reader 9.0.1.1049 is affected by CVE-2018-9961. The vulnerability stems from the parsing of the Field rect attribute, due to not validating the existence of an object before performing operations, enabling remote code execution in the current process when a user opens a malicious file or vi...
CVE-2021-27263
The CVE-2021-27263 entry describes an out-of-bounds read in Foxit PhantomPDF 10.1.0.37527 related to U3D object handling in PDFs. The flaw arises from insufficient validation of user-supplied data, enabling a read past the end of an allocated object and potential information disclosure. Exploitat...
CVE-2021-31442
Foxit Reader 10.1.1.37576 is affected by CVE-2021-31442. The vulnerability stems from improper validation in the handling of U3D objects within PDF files, causing a write past the end of an allocated data structure. This allows remote code execution with the attacker’s code running in the context...
CVE-2018-10477
Foxit Reader 9.0.0.29935 is affected by CVE-2018-10477 due to a parsing flaw in U3D Chain Index objects. The issue allows remote code execution via a malicious page or file, requiring user interaction, and is due to improper validation that can cause a write past the end of an allocated object. T...
CVE-2018-10478
Foxit Reader 9.0.0.29935 is affected by an information-disclosure vulnerability in the parsing of U3D Texture Coord Dimensions objects. The flaw stems from insufficient validation of user-supplied data, which can cause a read past the end of an allocated object. Exploitation requires user interac...
CVE-2018-10485
CVE-2018-10485 affects Foxit Reader 9.0.0.29935. The vulnerability is an out-of-bounds read in the U3D Texture Height structures caused by insufficient validation of user-supplied data, allowing a remote attacker to disclose sensitive information. Exploitation requires user interaction (visiting ...
CVE-2018-17607
CVE-2018-17607 affects Foxit PhantomPDF and Foxit Reader prior to version 9.3. The vulnerability is a use-after-free caused by mishandling the properties of Annotation objects, affecting up to five distinct Annotation types. It enables remote code execution or denial of service when exploited. CV...
CVE-2018-17637
Foxit Reader (Windows) vulnerable: Foxit Reader 9.2.0.9297 and earlier exposes a flaw in loadXML handling within the XFA object, where the code fails to validate the existence of an object before performing operations. This results in a use-after-free/memory misreference type condition that can a...
CVE-2018-17641
Foxit Reader (Windows) 9.2.0.9297 and earlier is affected by CVE-2018-17641 due to a use-after-free in TimeField.deleteItem, caused by not validating object existence. This allows remote code execution with user interaction (visiting a malicious page or opening a malformed file). Some sources als...
CVE-2018-17646
Foxit Reader 9.2.0.9297 on Windows is affected by CVE-2018-17646. The vulnerability arises in the TimeField fillColor handling, due to a lack of validating the existence of an object before performing operations. This can allow remote attackers to execute arbitrary code in the context of the curr...
CVE-2018-17670
CVE-2018-17670 affects Foxit Reader up to version 9.2.0.9297 where the XFA object content handling allows remote code execution. The vulnerability arises from failing to validate the existence of an object before performing operations on it, enabling an attacker to execute code in the current pro...
CVE-2018-17697
Foxit Reader 9.2.0.9297 and earlier are affected by a templates handling vulnerability where code executes due to a missing object existence check, enabling remote code execution after user opens a malicious page/file. Exploitation requires user interaction; advisory ZDI-18-1215 describes a use-a...
CVE-2018-17699
The CVE-2018-17699 issue affects Foxit Reader 9.2.0.9297 and earlier on Windows, where the PDF processing path fails to validate user-supplied data, causing an out-of-bounds read (read past the end of an allocated buffer). This enables remote information disclosure and, when combined with other v...
CVE-2018-9966
Foxit Reader 9.0.1.1049 is affected by CVE-2018-9966 due to a vulnerability in TextBox Calculate handling. The flaw stems from not validating the existence of an object before performing operations, leading to a remote code execution in the context of the current process after user interaction (e...
CVE-2018-9972
This CVE (CVE-2018-9972) affects Foxit Reader 9.0.1.1049. The vulnerability stems from ConvertToPDF_x86.dll where improper validation of user-supplied data can cause a read past the end of an allocated object. This can lead to information disclosure and, in combination with other vulnerabilities,...
CVE-2018-9974
Foxit Reader 9.0.1.1049 is affected by CVE-2018-9974. The issue lies in ConvertToPDF_x86.dll where improper validation of the length of user-supplied data to a heap-based buffer allows remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious ...
CVE-2018-9978
Foxit Reader 9.0.0.29935 is affected by an information-disclosure vulnerability in the U3D parsing code. The issue is an out-of-bounds read caused by improper validation of user-supplied data, enabling remote disclosure when a user visits a malicious page or opens a malicious file. The vulnerabil...
CVE-2019-20819
CVE-2019-20819 affects Foxit Reader and PhantomPDF versions before 9.7. The vulnerability arises from nested function calls during XML parsing, causing stack exhaustion and potentially crashing the application. Remediation: upgrade to Foxit Reader/PhantomPDF 9.7 or newer. Other sources reiterate ...
CVE-2020-13805
The CVE-2020-13805 entry concerns Foxit Reader and PhantomPDF prior to 9.7.2 where the CAS login service does not limit login failures, enabling brute-force attack attempts. Concrete details across connected sources confirm the affected products (Foxit Reader/PhantomPDF) and the root cause (unlim...
CVE-2020-26534
CVE-2020-26534 affects Foxit Reader and PhantomPDF (pre-10.1). The issue is a use-after-free in an Opt object related to Field::ClearItems and Field::DeleteOptions during AcroForm JavaScript execution. Connected sources describe a resource management/use-after-free vulnerability that could crash ...
CVE-2018-14249
CVE-2018-14249 is a type-confusion remote code execution in Foxit Reader’s exportDataObject method. Affected product: Foxit Reader (9.0.1.1049) with exploitation requiring user interaction (malicious page or file) via JavaScript to trigger the flaw. Documents also reference a broader set of relat...
CVE-2018-14315
CVE-2018-14315 affects Foxit Reader versions older than 9.2.0.9097, where the vulnerability lies in how annotations are handled. The flaw is due to not validating the existence of an object before performing operations, enabling remote code execution in the context of the current process when a u...
CVE-2018-17618
Foxit Reader 9.0.1.5096 is affected by a selection-change handling vulnerability that allows remote code execution. The flaw arises from not validating the existence of an object before performing operations on it, enabling an attacker to execute code in the current process when a user visits a m...
CVE-2018-17648
Foxit Reader (Windows) vulnerability CVE-2018-17648 affects Foxit Reader 9.2.0.9297 and enables remote code execution via the TimeField rotate property after an object existence check fails. Attack requires user interaction (visit a malicious page or open a malicious file). Connected sources (e.g...
CVE-2018-17649
CVE-2018-17649 affects Foxit Reader 9.2.0.9297 and earlier. The vulnerability arises from handling of the TimeField setAttribute method, due to lack of validating the existence of an object before performing operations. This can allow remote code execution in the context of the current process wh...
CVE-2018-17674
Foxit Reader 9.2.0.9297 (and older) is affected by CVE-2018-17674. The issue is a memory misreference/use-after-free in the handling of the name property of Annotation objects, arising from not validating the existence of an object before operations. Exploitation requires user interaction (target...
CVE-2018-17677
Foxit Reader 9.2.0.9297 is affected by CVE-2018-17677 due to a flaw in the mailDoc handling of the app object. The vulnerability stems from not validating the existence of an object before performing operations, leading to use-after-free and remote code execution. Exploitation requires user inter...
CVE-2018-17702
This entry details a Windows vulnerability in Foxit Reader 9.2.0.9297 (and earlier) where the RichValue handling of button objects allows remote code execution. The flaw arises from not validating the existence of an object before performing operations on it, enabling an attacker to execute code ...
CVE-2018-17705
CVE-2018-17705 affects Foxit Reader 9.2.0.9297 and earlier. The vulnerability arises from the handling of the display property of CheckBox objects, due to not validating the existence of an object before performing operations, enabling remote code execution via a malicious page or file with user ...
CVE-2018-5676
Foxit PhantomPDF/Reader vuln CVE-2018-5676: affected if app is before 9.1; parsing of PDF with embedded u3d images can overflow a heap-based buffer, enabling arbitrary code execution. Requires user interaction (open malicious PDF/page or visit malicious page). Impact described as code execution u...
CVE-2018-9939
Foxit Reader 9.0.0.29935 is affected by a Type Confusion in the XFA layout handling that could allow remote code execution. The flaw arises from improper validation of user-supplied data, enabling an attacker to run code in the current process context after the target views a malicious page or fi...
CVE-2018-9946
Foxit Reader 9.0.0.29935 is affected by CVE-2018-9946 due to a setTimeOut handling flaw where code executes without validating the existence of an object before operations. This can disclose sensitive information; exploitation requires user interaction (visit a malicious page or open a malicious ...
CVE-2018-9956
Foxit Reader 9.0.1.1049 is affected by a remote code execution vulnerability in the XFA Button handling. The flaw occurs when setting the title attribute; the code path does not validate the existence of an object before performing operations, enabling an attacker to execute code in the process c...
CVE-2018-9960
CVE-2018-9960 affects Foxit Reader 9.0.1.1049. The vulnerability stems from the parsing of the textColor Field attribute where the code fails to validate the existence of an object before performing operations, allowing remote code execution under the current process. Exploitation requires user i...
CVE-2019-20820
CVE-2019-20820 affects Foxit Reader and Foxit PhantomPDF prior to version 9.7. The issue is a NULL pointer dereference during parsing of file data, which can lead to a crash/denial of service as described across multiple sources. Affected component: PDF file data parsing within Foxit’s reader/pdf...
CVE-2019-20829
Foxit Reader and PhantomPDF are affected by CVE-2019-20829 due to a NULL pointer dereference in FXSYS_wcslen while processing EPUB files, impacting versions before 9.6. This can cause the application to crash. Remediation: upgrade to Foxit 9.6 or later (as indicated by multiple connected sources).