549 matches found
CVE-2020-13808
CVE-2020-13808 affects Foxit Reader and PhantomPDF prior to 9.7.2. The issue enables resource consumption via crafted cross-reference stream data, described as a resource management vulnerability that can lead to denial of service. The public documents do not provide exploitation details or concr...
CVE-2021-31448
Foxit Reader 10.1.1.37576 is affected by a U3D parsing out-of-bounds read in PDF handling. The flaw is due to improper validation of user-supplied data within embedded U3D objects, leading to a read past the end of an allocated object. This can disclose sensitive information and, when combined wi...
CVE-2021-31449
Foxit Reader 10.1.1.37576 is affected by a U3D object parsing flaw in PDFs that does not validate the existence of an object before freeing it, leading to remote code execution. The issue can be triggered by a user visiting a malicious page or opening a malicious file; exploitation occurs in the ...
CVE-2018-16294
An exploitable use-after-free in Foxit Reader before 9.3 and PhantomPDF before 9.3 within the JavaScript engine. A specially crafted PDF can trigger reuse of a previously freed object, enabling arbitrary code execution. User interaction is required (opening the malicious PDF); if the browser plug...
CVE-2018-17643
CVE-2018-17643 affects Foxit Reader 9.2.0.9297 on Windows. The vulnerability stems from the TimeField editValue handling, caused by not validating the existence of an object before performing operations, effectively a use-after-free scenario. This allows remote code execution in the context of th...
CVE-2018-17657
CVE-2018-17657 affects Foxit Reader 9.2.0.9297 (and related Foxit products per CNVD/CVEs) where the gotoURL host object is not validating the existence of an object before performing operations. This use-after-free style flaw enables remote code execution with the current process context when a u...
CVE-2018-17659
CVE-2018-17659 affects Foxit Reader 9.2.0.9297 (and earlier Windows versions per CNVD entry). The flaw is in the Host object’s title handling, caused by failure to validate the existence of an object before performing operations, enabling remote code execution. Exploitation requires user interact...
CVE-2018-17666
CVE-2018-17666 affects Foxit Reader 9.2.0.9297 and earlier for Windows, with a flaw in the exportData host object handling that fails to validate object existence, enabling remote code execution via a malicious page or file and requiring user interaction. The root cause is a lack of existence val...
CVE-2018-17667
CVE-2018-17667 affects Foxit Reader 9.2.0.9297 on Windows. The flaw is in the Host object’s print method where an object’s existence isn’t validated before operations, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). M...
CVE-2018-17672
Foxit Reader
CVE-2018-17673
CVE-2018-17673 affects Foxit Reader 9.2.0.9297 and earlier on Windows. The flaw is in the handling of the Annotation object's subtype property, caused by not validating the existence of an object before operations, enabling remote code execution. User interaction is required (malicious page or fi...
CVE-2018-17676
Foxit Reader 9.2.0.9297 is vulnerable to a remote code execution flaw in the removeField handling of an app object. The issue arises from not validating the existence of an object before performing operations, effectively enabling an attacker to execute code in the context of the current process....
CVE-2018-17678
Foxit Reader 9.2.0.9297 is affected by a remote code execution vulnerability in the gotoNamedDest handling of the app object. The flaw arises from not validating the existence of an object before performing operations, enabling code execution in the context of the current process when a user open...
CVE-2018-17681
Foxit Reader (Windows) vulnerability CVE-2018-17681 affects version 9.2.0.9297 and earlier, due to a getPageBox handling flaw in a Form where code assumes an object exists and proceeds without validation. This allows remote code execution with user interaction (targets must open a malicious page ...
CVE-2018-5675
CVE-2018-5675 affects Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1. The flaw occurs in the processing of PDF files with embedded u3d images, where crafted data can trigger an out-of-bounds write in a buffer, allowing remote code execution under the current process. An attacker must ent...
CVE-2018-9943
Foxit Reader 9.0.0.29935 is affected by a type-confusion vulnerability in the openList handling that enables remote code execution when a user visits a malicious page or opens a malicious file. Root cause: improper validation of user-supplied data leading to type confusion; attack context is the ...
CVE-2018-9945
Foxit Reader 9.0.0.29935 is affected by a getField use-after-free/validation flaw that allows remote code execution when a user opens a malicious file or visits a malicious page. The root cause is failure to validate the existence of an object before operating on it, enabling arbitrary code execu...
CVE-2018-9964
CVE-2018-9964 affects Foxit Reader 9.0.1.1049, where the vulnerability lies in parsing the name attribute of OCG objects. The issue stems from not validating the existence of an object before performing operations, enabling remote code execution in the context of the current process. The vulnerab...
CVE-2018-9967
Foxit Reader 9.0.1.1049 is affected by a TextBox Format Use-After-Free/validation flaw that allows remote code execution when a user opens a malicious file or visits a crafted page. The issue stems from failing to validate the existence of a TextBox object before performing operations, enabling c...
CVE-2018-9975
Foxit Reader 9.0.1.1049 is affected by CVE-2018-9975 due to a shift-event handling flaw. The issue stems from not validating the existence of an object before performing operations, enabling a remote attacker to execute code in the context of the current process after user interaction (visiting a...
CVE-2018-9980
Foxit Reader 9.0.0.29935 is affected by a U3D parsing out-of-bounds read vulnerability that can disclose sensitive information. The flaw stems from insufficient validation of user-supplied data during U3D parsing, allowing remote attackers to read past the end of an allocated object. Exploitation...
CVE-2018-9982
Summary : CVE-2018-9982 affects Foxit Reader 9.0.0.29935 and is linked to a flaw in parsing the Texture Width in U3D files, causing an out-of-bounds write that can execute arbitrary code. The vulnerability allows remote code execution with the attacker hosting a malicious page or file; user inter...
CVE-2021-31443
Foxit Reader 10.1.1.37576 contains an information disclosure vulnerability in the handling of U3D objects embedded in PDF files. The flaw arises from insufficient validation of user-supplied data, causing a read past the end of an allocated object (out-of-bounds read). Exploitation requires user ...
CVE-2018-16296
Technical details about CVE-2018-16296 are not present in the provided connected documents. The supplied sources do not specify affected products/versions, impact, or remediation. Monitor for updates from official sources.
CVE-2018-17632
Foxit Reader 9.2.0.9297 is affected by CVE-2018-17632. The flaw lies in the resolveNode handling, where lack of validation of an object before operations leads to a use-after-free condition, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or openi...
CVE-2018-17636
CVE-2018-17636 affects Foxit Reader 9.2.0.9297 for Windows, with a vulnerability in the handling of the id property of an aliasNode that can lead to remote code execution. The issue arises from not validating the existence of an object before performing operations on it, allowing an attacker to r...
CVE-2018-17639
The CVE-2018-17639 issue affects Foxit Reader 9.2.0.9297 and earlier, allowing remote code execution when a user visits a malicious page or opens a malicious file. The root cause is a failure to validate the existence of an object before performing operations in the setElement method, enabling co...
CVE-2018-17645
The CVE-2018-17645 entry concerns Foxit Reader 9.2.0.9297 on Windows, where the vAlign handling of TimeField crashes when an object existence is not validated. This results in remote code execution in the context of the current process, with user interaction required (visiting a malicious page or...
CVE-2018-17650
CVE-2018-17650 affects Foxit Reader for Windows (version 9.2.0.9297 and earlier per CNVD/NVD references). The vulnerability stems from the TimeField.resolveNodes path where the code fails to validate the existence of an object before performing operations, enabling an attacker to execute arbitrar...
CVE-2018-17684
Foxit Reader (Windows) vulnerable to remote code execution in version 9.2.0.9297 and earlier due to a isPropertySpecified handling flaw that lacks object-existence validation. Exploitation requires user interaction (malicious page/file). Impact is execution in the current process context; advisor...
CVE-2018-17685
Foxit Reader 9.2.0.9297 is affected by CVE-2018-17685 due to a type confusion in PDF handling. The issue allows remote code execution when a user opens a malicious file or visits a malicious page, and requires user interaction. The vulnerability is confirmed across multiple sources (e.g., ZDI-18-...
CVE-2018-9938
Foxit Reader 9.0.0.29935 is affected by CVE-2018-9938. The vulnerability stems from improper validation in the absPageSpan method, causing a type confusion condition that allows remote attackers to execute arbitrary code in the context of the current process. Exploitation requires user interactio...
CVE-2018-9940
CVE-2018-9940 affects Foxit Reader 9.0.0.29935. The flaw resides in the handling of the layout sheet attribute, caused by insufficient validation of user-supplied data, resulting in a type-confusion condition that enables remote code execution under the current process. User interaction is requir...
CVE-2018-9968
This entry documents a Foxit Reader 9.0.1.1049 remote code execution vulnerability (CVE-2018-9968). The flaw lies in TextBox keyboard input handling where an object’s existence isn’t validated before operations, enabling an attacker to execute code in the current process when a user visits a mali...
CVE-2018-9973
CVE-2018-9973 affects Foxit Reader 9.0.1.1049. The flaw is an out-of-bounds read during ePub file parsing caused by insufficient validation of input data, which can lead to sensitive information disclosure and, in combination with other vulnerabilities, arbitrary code execution in the affected pr...
CVE-2018-9984
CVE-2018-9984 affects Foxit Reader 9.0.0.29935. The vulnerability is in the parsing of Texture Image Channels objects inside U3D files, caused by insufficient validation of user-supplied data, which can lead to a read past the end of an allocated object and information disclosure. Exploitation re...
CVE-2019-20817
Foxit Reader and PhantomPDF prior to v9.7 are affected by a NULL pointer dereference in the code paths described across multiple sources. The issue is triggered in the products Foxit Reader and Foxit PhantomPDF before version 9.7; upgrading to 9.7 or later is the stated mitigation. The connected ...
CVE-2020-13806
CVE-2020-13806 affects Foxit Reader and PhantomPDF prior to version 9.7.2. The issue is a use-after-free caused by JavaScript execution after a deletion or close operation, leading to a potential denial of service. The public material specifies the vulnerable components as Foxit Reader/PhantomPDF...
CVE-2021-31444
CVE-2021-31444 affects Foxit Reader 10.1.1.37576. The flaw is in the handling of embedded U3D objects in PDFs, caused by insufficient validation, leading to a read past the end of an allocated object. This results in information disclosure and, when combined with other vulnerabilities, can be lev...
CVE-2021-31447
The CVE-2021-31447 issue affects Foxit Reader 10.1.1.37576 and is due to a flaw in handling U3D objects embedded in PDF files, causing a read past the end of an allocated object (out-of-bounds read). This is a local/peer-access concern that could enable information disclosure, with exploitation r...
CVE-2018-17686
CVE-2018-17686 affects Foxit Reader (Windows) with a BMP image processing flaw. The connected advisories describe an out-of-bounds read in the BMP handling that can disclose sensitive information, requiring user interaction (e.g., visiting a malicious page or opening a malicious file). The vulner...
CVE-2018-9944
CVE-2018-9944 affects Foxit Reader 9.0.0.29935. The vulnerability resides in the addLink method and stems from not validating the existence of an object before performing operations, enabling remote code execution under the current process context. Exploitation requires user interaction (visiting...
CVE-2018-9962
Foxit Reader 9.0.1.1049 is affected by CVE-2018-9962. The vulnerability stems from parsing of the Annotation author attribute and a missing validation of object existence, enabling remote code execution when a user opens a malicious file or visits a malicious page. The root cause is a use-after-f...
CVE-2020-13803
CVE-2020-13803 affects Foxit PhantomPDF Mac and Foxit Reader for Mac. The issue allows bypass of signature validation when processing specially crafted or non-standard-signed files, enabling a signature verification bypass on macOS. Reported across Foxit PhantomPDF Mac versions up to 3.4.x and Fo...
CVE-2018-17644
Foxit Reader (Windows) versions up to 9.2.0.9297 are affected by CVE-2018-17644. The flaw is in the TimeField addItem handling, arising from not validating the existence of an object before operating on it, which can lead to remote code execution in the context of the current process. Exploitatio...
CVE-2018-17656
Foxit Reader (Windows) 9.2.0.9297 and Foxit PhantomPDF 9.2.0.9297 and earlier are affected by a vulnerability in the TimeField getDisplayItem handling that can allow remote code execution. The issue stems from not validating the existence of an object before performing operations, enabling an att...
CVE-2018-17653
The CVE-2018-17653 entry concerns Foxit Reader 9.2.0.9297 (and earlier) where the flaw is in the TimeField.resolveNode handling; the code fails to verify the existence of an object before performing operations, enabling remote code execution in the current process. Exploitation requires user inte...
CVE-2020-13810
The CVE-2020-13810 issue affects Foxit Reader and PhantomPDF prior to version 9.7.2. It allows a signature validation bypass when opening a modified file or a file with non-standard signatures, enabling bypass of signature checks. The root cause involves the signature verification process, though...
CVE-2019-6771
CVE-2019-6771 affects Foxit Reader 2019.010.20098. The issue is in the handling of the value property of a Field object within AcroForms, caused by not validating the existence of an object before performing operations. This can be exploited to disclose sensitive information and, when combined wi...