Lucene search
K
FoxitsoftwarePhantompdf

549 matches found

CVE
CVE
added 2020/06/04 2:53 p.m.48 views

CVE-2020-13808

CVE-2020-13808 affects Foxit Reader and PhantomPDF prior to 9.7.2. The issue enables resource consumption via crafted cross-reference stream data, described as a resource management vulnerability that can lead to denial of service. The public documents do not provide exploitation details or concr...

7.5CVSS7.5AI score0.0153EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.48 views

CVE-2021-31448

Foxit Reader 10.1.1.37576 is affected by a U3D parsing out-of-bounds read in PDF handling. The flaw is due to improper validation of user-supplied data within embedded U3D objects, leading to a read past the end of an allocated object. This can disclose sensitive information and, when combined wi...

4.3CVSS3.4AI score0.02023EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.48 views

CVE-2021-31449

Foxit Reader 10.1.1.37576 is affected by a U3D object parsing flaw in PDFs that does not validate the existence of an object before freeing it, leading to remote code execution. The issue can be triggered by a user visiting a malicious page or opening a malicious file; exploitation occurs in the ...

7.8CVSS7.8AI score0.02819EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.47 views

CVE-2018-16294

An exploitable use-after-free in Foxit Reader before 9.3 and PhantomPDF before 9.3 within the JavaScript engine. A specially crafted PDF can trigger reuse of a previously freed object, enabling arbitrary code execution. User interaction is required (opening the malicious PDF); if the browser plug...

7.8CVSS7.8AI score0.02663EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.47 views

CVE-2018-17643

CVE-2018-17643 affects Foxit Reader 9.2.0.9297 on Windows. The vulnerability stems from the TimeField editValue handling, caused by not validating the existence of an object before performing operations, effectively a use-after-free scenario. This allows remote code execution in the context of th...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.47 views

CVE-2018-17657

CVE-2018-17657 affects Foxit Reader 9.2.0.9297 (and related Foxit products per CNVD/CVEs) where the gotoURL host object is not validating the existence of an object before performing operations. This use-after-free style flaw enables remote code execution with the current process context when a u...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.47 views

CVE-2018-17659

CVE-2018-17659 affects Foxit Reader 9.2.0.9297 (and earlier Windows versions per CNVD entry). The flaw is in the Host object’s title handling, caused by failure to validate the existence of an object before performing operations, enabling remote code execution. Exploitation requires user interact...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.47 views

CVE-2018-17666

CVE-2018-17666 affects Foxit Reader 9.2.0.9297 and earlier for Windows, with a flaw in the exportData host object handling that fails to validate object existence, enabling remote code execution via a malicious page or file and requiring user interaction. The root cause is a lack of existence val...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.47 views

CVE-2018-17667

CVE-2018-17667 affects Foxit Reader 9.2.0.9297 on Windows. The flaw is in the Host object’s print method where an object’s existence isn’t validated before operations, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). M...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.47 views

CVE-2018-17672

Foxit Reader

8.8CVSS7.8AI score0.03314EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.47 views

CVE-2018-17673

CVE-2018-17673 affects Foxit Reader 9.2.0.9297 and earlier on Windows. The flaw is in the handling of the Annotation object's subtype property, caused by not validating the existence of an object before operations, enabling remote code execution. User interaction is required (malicious page or fi...

8.8CVSS7.8AI score0.03314EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.47 views

CVE-2018-17676

Foxit Reader 9.2.0.9297 is vulnerable to a remote code execution flaw in the removeField handling of an app object. The issue arises from not validating the existence of an object before performing operations, effectively enabling an attacker to execute code in the context of the current process....

8.8CVSS7.8AI score0.03314EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.47 views

CVE-2018-17678

Foxit Reader 9.2.0.9297 is affected by a remote code execution vulnerability in the gotoNamedDest handling of the app object. The flaw arises from not validating the existence of an object before performing operations, enabling code execution in the context of the current process when a user open...

8.8CVSS7.8AI score0.03314EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.47 views

CVE-2018-17681

Foxit Reader (Windows) vulnerability CVE-2018-17681 affects version 9.2.0.9297 and earlier, due to a getPageBox handling flaw in a Form where code assumes an object exists and proceeds without validation. This allows remote code execution with user interaction (targets must open a malicious page ...

8.8CVSS7.8AI score0.03855EPSS
CVE
CVE
added 2018/05/24 9:0 p.m.47 views

CVE-2018-5675

CVE-2018-5675 affects Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1. The flaw occurs in the processing of PDF files with embedded u3d images, where crafted data can trigger an out-of-bounds write in a buffer, allowing remote code execution under the current process. An attacker must ent...

8.8CVSS8.8AI score0.04008EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.47 views

CVE-2018-9943

Foxit Reader 9.0.0.29935 is affected by a type-confusion vulnerability in the openList handling that enables remote code execution when a user visits a malicious page or opens a malicious file. Root cause: improper validation of user-supplied data leading to type confusion; attack context is the ...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.47 views

CVE-2018-9945

Foxit Reader 9.0.0.29935 is affected by a getField use-after-free/validation flaw that allows remote code execution when a user opens a malicious file or visits a malicious page. The root cause is failure to validate the existence of an object before operating on it, enabling arbitrary code execu...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.47 views

CVE-2018-9964

CVE-2018-9964 affects Foxit Reader 9.0.1.1049, where the vulnerability lies in parsing the name attribute of OCG objects. The issue stems from not validating the existence of an object before performing operations, enabling remote code execution in the context of the current process. The vulnerab...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.47 views

CVE-2018-9967

Foxit Reader 9.0.1.1049 is affected by a TextBox Format Use-After-Free/validation flaw that allows remote code execution when a user opens a malicious file or visits a crafted page. The issue stems from failing to validate the existence of a TextBox object before performing operations, enabling c...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.47 views

CVE-2018-9975

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9975 due to a shift-event handling flaw. The issue stems from not validating the existence of an object before performing operations, enabling a remote attacker to execute code in the context of the current process after user interaction (visiting a...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.47 views

CVE-2018-9980

Foxit Reader 9.0.0.29935 is affected by a U3D parsing out-of-bounds read vulnerability that can disclose sensitive information. The flaw stems from insufficient validation of user-supplied data during U3D parsing, allowing remote attackers to read past the end of an allocated object. Exploitation...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.47 views

CVE-2018-9982

Summary : CVE-2018-9982 affects Foxit Reader 9.0.0.29935 and is linked to a flaw in parsing the Texture Width in U3D files, causing an out-of-bounds write that can execute arbitrary code. The vulnerability allows remote code execution with the attacker hosting a malicious page or file; user inter...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.47 views

CVE-2021-31443

Foxit Reader 10.1.1.37576 contains an information disclosure vulnerability in the handling of U3D objects embedded in PDF files. The flaw arises from insufficient validation of user-supplied data, causing a read past the end of an allocated object (out-of-bounds read). Exploitation requires user ...

4.3CVSS3.4AI score0.02023EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.46 views

CVE-2018-16296

Technical details about CVE-2018-16296 are not present in the provided connected documents. The supplied sources do not specify affected products/versions, impact, or remediation. Monitor for updates from official sources.

7.8CVSS7.8AI score0.02663EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.46 views

CVE-2018-17632

Foxit Reader 9.2.0.9297 is affected by CVE-2018-17632. The flaw lies in the resolveNode handling, where lack of validation of an object before operations leads to a use-after-free condition, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or openi...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.46 views

CVE-2018-17636

CVE-2018-17636 affects Foxit Reader 9.2.0.9297 for Windows, with a vulnerability in the handling of the id property of an aliasNode that can lead to remote code execution. The issue arises from not validating the existence of an object before performing operations on it, allowing an attacker to r...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.46 views

CVE-2018-17639

The CVE-2018-17639 issue affects Foxit Reader 9.2.0.9297 and earlier, allowing remote code execution when a user visits a malicious page or opens a malicious file. The root cause is a failure to validate the existence of an object before performing operations in the setElement method, enabling co...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.46 views

CVE-2018-17645

The CVE-2018-17645 entry concerns Foxit Reader 9.2.0.9297 on Windows, where the vAlign handling of TimeField crashes when an object existence is not validated. This results in remote code execution in the context of the current process, with user interaction required (visiting a malicious page or...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.46 views

CVE-2018-17650

CVE-2018-17650 affects Foxit Reader for Windows (version 9.2.0.9297 and earlier per CNVD/NVD references). The vulnerability stems from the TimeField.resolveNodes path where the code fails to validate the existence of an object before performing operations, enabling an attacker to execute arbitrar...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.46 views

CVE-2018-17684

Foxit Reader (Windows) vulnerable to remote code execution in version 9.2.0.9297 and earlier due to a isPropertySpecified handling flaw that lacks object-existence validation. Exploitation requires user interaction (malicious page/file). Impact is execution in the current process context; advisor...

8.8CVSS7.8AI score0.03855EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.46 views

CVE-2018-17685

Foxit Reader 9.2.0.9297 is affected by CVE-2018-17685 due to a type confusion in PDF handling. The issue allows remote code execution when a user opens a malicious file or visits a malicious page, and requires user interaction. The vulnerability is confirmed across multiple sources (e.g., ZDI-18-...

8.8CVSS7.8AI score0.03855EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.46 views

CVE-2018-9938

Foxit Reader 9.0.0.29935 is affected by CVE-2018-9938. The vulnerability stems from improper validation in the absPageSpan method, causing a type confusion condition that allows remote attackers to execute arbitrary code in the context of the current process. Exploitation requires user interactio...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.46 views

CVE-2018-9940

CVE-2018-9940 affects Foxit Reader 9.0.0.29935. The flaw resides in the handling of the layout sheet attribute, caused by insufficient validation of user-supplied data, resulting in a type-confusion condition that enables remote code execution under the current process. User interaction is requir...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.46 views

CVE-2018-9968

This entry documents a Foxit Reader 9.0.1.1049 remote code execution vulnerability (CVE-2018-9968). The flaw lies in TextBox keyboard input handling where an object’s existence isn’t validated before operations, enabling an attacker to execute code in the current process when a user visits a mali...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.46 views

CVE-2018-9973

CVE-2018-9973 affects Foxit Reader 9.0.1.1049. The flaw is an out-of-bounds read during ePub file parsing caused by insufficient validation of input data, which can lead to sensitive information disclosure and, in combination with other vulnerabilities, arbitrary code execution in the affected pr...

6.5CVSS6.5AI score0.02894EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.46 views

CVE-2018-9984

CVE-2018-9984 affects Foxit Reader 9.0.0.29935. The vulnerability is in the parsing of Texture Image Channels objects inside U3D files, caused by insufficient validation of user-supplied data, which can lead to a read past the end of an allocated object and information disclosure. Exploitation re...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2020/06/04 3:44 p.m.46 views

CVE-2019-20817

Foxit Reader and PhantomPDF prior to v9.7 are affected by a NULL pointer dereference in the code paths described across multiple sources. The issue is triggered in the products Foxit Reader and Foxit PhantomPDF before version 9.7; upgrading to 9.7 or later is the stated mitigation. The connected ...

7.5CVSS7.5AI score0.01544EPSS
CVE
CVE
added 2020/06/04 2:47 p.m.46 views

CVE-2020-13806

CVE-2020-13806 affects Foxit Reader and PhantomPDF prior to version 9.7.2. The issue is a use-after-free caused by JavaScript execution after a deletion or close operation, leading to a potential denial of service. The public material specifies the vulnerable components as Foxit Reader/PhantomPDF...

7.5CVSS7.6AI score0.02131EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.46 views

CVE-2021-31444

CVE-2021-31444 affects Foxit Reader 10.1.1.37576. The flaw is in the handling of embedded U3D objects in PDFs, caused by insufficient validation, leading to a read past the end of an allocated object. This results in information disclosure and, when combined with other vulnerabilities, can be lev...

4.3CVSS3.4AI score0.02023EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.46 views

CVE-2021-31447

The CVE-2021-31447 issue affects Foxit Reader 10.1.1.37576 and is due to a flaw in handling U3D objects embedded in PDF files, causing a read past the end of an allocated object (out-of-bounds read). This is a local/peer-access concern that could enable information disclosure, with exploitation r...

4.3CVSS3.4AI score0.02023EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.45 views

CVE-2018-17686

CVE-2018-17686 affects Foxit Reader (Windows) with a BMP image processing flaw. The connected advisories describe an out-of-bounds read in the BMP handling that can disclose sensitive information, requiring user interaction (e.g., visiting a malicious page or opening a malicious file). The vulner...

6.5CVSS6.3AI score0.24397EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.45 views

CVE-2018-9944

CVE-2018-9944 affects Foxit Reader 9.0.0.29935. The vulnerability resides in the addLink method and stems from not validating the existence of an object before performing operations, enabling remote code execution under the current process context. Exploitation requires user interaction (visiting...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.45 views

CVE-2018-9962

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9962. The vulnerability stems from parsing of the Annotation author attribute and a missing validation of object existence, enabling remote code execution when a user opens a malicious file or visits a malicious page. The root cause is a use-after-f...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2020/06/04 2:33 p.m.45 views

CVE-2020-13803

CVE-2020-13803 affects Foxit PhantomPDF Mac and Foxit Reader for Mac. The issue allows bypass of signature validation when processing specially crafted or non-standard-signed files, enabling a signature verification bypass on macOS. Reported across Foxit PhantomPDF Mac versions up to 3.4.x and Fo...

7.5CVSS7.5AI score0.00684EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.44 views

CVE-2018-17644

Foxit Reader (Windows) versions up to 9.2.0.9297 are affected by CVE-2018-17644. The flaw is in the TimeField addItem handling, arising from not validating the existence of an object before operating on it, which can lead to remote code execution in the context of the current process. Exploitatio...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.44 views

CVE-2018-17656

Foxit Reader (Windows) 9.2.0.9297 and Foxit PhantomPDF 9.2.0.9297 and earlier are affected by a vulnerability in the TimeField getDisplayItem handling that can allow remote code execution. The issue stems from not validating the existence of an object before performing operations, enabling an att...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.43 views

CVE-2018-17653

The CVE-2018-17653 entry concerns Foxit Reader 9.2.0.9297 (and earlier) where the flaw is in the TimeField.resolveNode handling; the code fails to verify the existence of an object before performing operations, enabling remote code execution in the current process. Exploitation requires user inte...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2020/06/04 2:55 p.m.43 views

CVE-2020-13810

The CVE-2020-13810 issue affects Foxit Reader and PhantomPDF prior to version 9.7.2. It allows a signature validation bypass when opening a modified file or a file with non-standard signatures, enabling bypass of signature checks. The root cause involves the signature verification process, though...

7.5CVSS7.5AI score0.01052EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.41 views

CVE-2019-6771

CVE-2019-6771 affects Foxit Reader 2019.010.20098. The issue is in the handling of the value property of a Field object within AcroForms, caused by not validating the existence of an object before performing operations. This can be exploited to disclose sensitive information and, when combined wi...

5.5CVSS5.5AI score0.02652EPSS
Total number of security vulnerabilities549