Lucene search
K
FoxitsoftwarePhantompdf

549 matches found

CVE
CVE
added 2020/01/16 10:0 p.m.98 views

CVE-2019-5130

CVE-2019-5130 is a use-after-free vulnerability in Foxit PDF Reader (JavaScript engine). Multiple connected sources (Talos: Foxit PDF Reader 9.7.0.29435; Red Hat/NVD: same code path) describe that a crafted PDF can trigger a freed object to be reused, enabling arbitrary code execution. The vulner...

8.8CVSS8.7AI score0.02312EPSS
CVE
CVE
added 2020/01/16 10:1 p.m.98 views

CVE-2019-5145

CVE-2019-5145 describes an exploitable use-after-free in the Foxit PDF Reader JavaScript engine (version 9.7.0.29435). The vulnerability occurs when a crafted PDF triggers reuse of a freed object, enabling arbitrary code execution. Impact is arbitrary code execution with high severity (per CVSS a...

8.8CVSS8.7AI score0.03107EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.94 views

CVE-2018-9948

The provided connected documents confirm CVE-2018-9948 affects Foxit Reader (notably v9.0.x), describing a Use-After-Free flaw in the Text Annotations component and in TypedArray handling due to uninitialized pointers. Exploitation requires a crafted PDF/file and can lead to remote code execution...

6.5CVSS7.1AI score0.64074EPSS
CVE
CVE
added 2019/10/02 3:55 p.m.93 views

CVE-2019-5031

CVE-2019-5031 affects Foxit PDF Reader, version 9.4.1.16828. The vulnerability is a memory corruption in the V8/JavaScript engine that can be triggered by a specially crafted PDF, causing an out-of-memory condition and arbitrary code execution. Exploitation requires the user to open the malicious...

8.8CVSS8.8AI score0.0604EPSS
CVE
CVE
added 2018/08/01 8:0 p.m.87 views

CVE-2018-3939

CVE-2018-3939 is a use-after-free vulnerability in Foxit Software’s PDF Reader (version 9.1.0.5096) JavaScript engine. A specially crafted PDF can trigger reuse of a previously freed memory object, enabling arbitrary code execution. Exploitation requires user interaction (opening the malicious PD...

8.8CVSS8.7AI score0.02347EPSS
CVE
CVE
added 2020/04/22 8:51 p.m.87 views

CVE-2020-10912

CVE-2020-10912 affects Foxit PhantomPDF (and Foxit Reader/PhantomPDF family) and is tied to the SetFieldValue command in Foxit’s communication API. The root cause is a lack of validation of user-supplied data, leading to a type confusion condition and enabling arbitrary code execution in the cont...

7.8CVSS7.9AI score0.04689EPSS
CVE
CVE
added 2020/04/22 8:51 p.m.86 views

CVE-2020-10902

Foxit PhantomPDF 9.7.1.29511 is affected by a U3D object handling flaw that can cause a read past the end of an allocated structure, enabling remote code execution after user interaction. The issue (CVE-2020-10902) arises in the 3D/U3D processing path and is exploitable when a malicious file or p...

7.8CVSS7.8AI score0.04826EPSS
CVE
CVE
added 2020/04/22 8:51 p.m.86 views

CVE-2020-10907

CVE-2020-10907 affects Foxit Reader (9.7.1.29511) and PhantomPDF via XFA widget processing. The root cause is missing validation of an object’s existence before operations in XFA forms, enabling arbitrary code execution when a user opens a malicious file/page or visits a crafted page. The issue i...

7.8CVSS7.8AI score0.04787EPSS
CVE
CVE
added 2020/08/19 8:55 p.m.86 views

CVE-2020-15638

The CVE-2020-15638 entry affects Foxit PhantomPDF (version 9.7.2.29539) where the flaw in NodeProperties::InferReceiverMapsUnsafe arises from insufficient validation of user-supplied data, causing a type confusion condition. This can allow remote code execution in the context of the current proce...

7.8CVSS7.9AI score0.06111EPSS
CVE
CVE
added 2021/07/09 5:14 p.m.86 views

CVE-2021-33792

CVE-2021-33792 affects Foxit Reader prior to 10.1.4 and Foxit PhantomPDF prior to 10.1.4. The root cause is an out-of-bounds write triggered by a crafted /Size key in the Trailer dictionary. Public references consistently describe a buffer/space issue leading to memory corruption in these PDF pro...

7.8CVSS7.5AI score0.02107EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.84 views

CVE-2019-6764

Foxit Reader 9.4.1.16828 is affected by CVE-2019-6764 due to improper validation in the processing of XFA Template objects, causing a write past the end of an allocated structure. This enables remote code execution and requires user interaction (victim must visit a malicious page or open a malici...

7.8CVSS7.8AI score0.03484EPSS
CVE
CVE
added 2020/04/22 8:51 p.m.83 views

CVE-2020-10909

Foxit PhantomPDF (and related Foxit PDF products) is affected by CVE-2020-10909 due to a type-confusion in the AddWatermark handling of the communication API. The root cause is improper validation of user-supplied data, enabling remote code execution on the current process after user interaction ...

7.8CVSS7.9AI score0.04689EPSS
CVE
CVE
added 2021/08/11 9:12 p.m.83 views

CVE-2021-38574

CVE-2021-38574 affects Foxit Reader and Foxit PhantomPDF prior to 10.1.4. The issue is a SQL injection vulnerability triggered by crafted data at the end of a string in database-related processing. Affected components/locations are not further specified in the provided material. Impact is describ...

9.8CVSS9.7AI score0.00994EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.82 views

CVE-2018-3942

CVE-2018-3942 is an exploitable use-after-free in Foxit PDF Reader’s JavaScript engine (Foxit Software) affecting version 9.1.0.5096. A specially crafted PDF can cause a previously freed object to be reused, enabling arbitrary code execution. The vulnerability requires the user to open the malici...

8.8CVSS8.3AI score0.03155EPSS
CVE
CVE
added 2020/04/22 8:51 p.m.82 views

CVE-2020-10908

CVE-2020-10908 affects Foxit PhantomPDF 9.7.0.29478. The issue is a type confusion in the Export command handling within the communication API, arising from insufficient validation of user-supplied data. It enables remote code execution in the context of the current process and requires user inte...

7.8CVSS7.9AI score0.04689EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.81 views

CVE-2018-3940

CVE-2018-3940 concerns Foxit PDF Reader’s JavaScript engine. The issue is a use-after-free vulnerability in Foxit PDF Reader 9.1.0.5096 that can be triggered by a specially crafted PDF, allowing memory reuse of a previously freed object. An attacker must entice the user to open the malicious file...

8.8CVSS7.9AI score0.02114EPSS
CVE
CVE
added 2020/04/22 8:51 p.m.81 views

CVE-2020-10901

CVE-2020-10901 affects Foxit PhantomPDF 9.7.1.29511. The vulnerability lies in U3D object handling in PDF files and results from insufficient validation of user-supplied data, causing a read past the end of an allocated object. It enables remote information disclosure and, when combined with othe...

4.3CVSS3.3AI score0.03476EPSS
CVE
CVE
added 2021/07/09 5:13 p.m.81 views

CVE-2021-33795

CVE-2021-33795 affects Foxit Reader before 10.1.4 and Foxit PhantomPDF before 10.1.4. The root cause is mishandling of the certificate name, document owner, and signature author in PDF signatures, resulting in incorrect document signatures. Reported impact indicates partial integrity impact with ...

5.5CVSS5.6AI score0.00771EPSS
CVE
CVE
added 2021/01/07 5:38 p.m.80 views

CVE-2018-18688

The CVE-2018-18688 entry describes a signature-validation bypass in PDF processing that arises because the PDF specification lacks concrete validation procedures for incremental savings. Affected products include Foxit Reader (pre-9.4), Foxit PhantomPDF (pre-8.3.9 and pre-9.4 for 9.x), and other ...

5.3CVSS5.8AI score0.01133EPSS
CVE
CVE
added 2016/10/31 10:0 a.m.79 views

CVE-2016-8875

The CVE-2016-8875 entry concerns Foxit Reader and Foxit PhantomPDF (Windows) with the ConvertToPDF plugin. When the gflags utility is enabled, a specially crafted TIFF image can trigger an out-of-bounds read, causing a DoS (crash) in CreateFXPDFConvertor. This is associated with the ConvertToPDF_...

5.3CVSS6.4AI score0.01093EPSS
CVE
CVE
added 2021/01/07 5:5 p.m.79 views

CVE-2018-20315

CVE-2018-20315 affects Foxit Reader prior to 9.5 and Foxit PhantomPDF prior to 8.3.10 or 9.x prior to 9.5. A race condition in these products can lead to a stack-based buffer overflow or an out-of-bounds read. The available documents identify the vulnerable components and the underlying issue but...

8.1CVSS8.1AI score0.00816EPSS
CVE
CVE
added 2018/10/03 3:0 p.m.79 views

CVE-2018-3993

CVE-2018-3993 is a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (Foxit PDF Reader v9.2.0.9297). A specially crafted PDF can reuse a freed object, enabling arbitrary code execution. The attack requires user interaction (opening a malicious PDF); if a browser plugin extensio...

8.8CVSS8.3AI score0.03155EPSS
CVE
CVE
added 2020/04/22 8:50 p.m.79 views

CVE-2020-10891

Foxit PhantomPDF 9.7.0.29478 is affected by a type confusion vulnerability in the Save command handling of the communication API. The flaw arises from improper validation of user-supplied data, enabling remote code execution when a user visits a malicious page or opens a malicious file (requires ...

7.8CVSS7.9AI score0.04728EPSS
CVE
CVE
added 2020/10/13 5:10 p.m.79 views

CVE-2020-17410

Foxit PhantomPDF 10.0.0.35798 and earlier is affected by a GIF file parsing use-after-free vulnerability. The bug stems from not validating the existence of an object before performing operations, enabling arbitrary code execution in the context of the current process. Exploitation requires user ...

7.8CVSS7.8AI score0.09084EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.78 views

CVE-2018-3962

Foxit PDF Reader (version 9.1.0.5096) is affected by a use-after-free in the JavaScript engine when accessing CreationDate on this.info. The vulnerability can be triggered when a user opens a malicious PDF file, and, if the browser plugin extension is enabled, by visiting a malicious site. The do...

8CVSS7.6AI score0.02497EPSS
CVE
CVE
added 2020/04/22 8:50 p.m.78 views

CVE-2020-10893

The CVE-2020-10893 issue affects Foxit PhantomPDF (and related components) where the U3D object handling in PDFs allows a write past the end of an allocated structure due to inadequate validation, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or...

7.8CVSS7.8AI score0.04728EPSS
CVE
CVE
added 2020/04/22 8:51 p.m.78 views

CVE-2020-10900

Foxit Reader/PhantomPDF 9.7.1.29511 on Windows is vulnerable to remote code execution via AcroForms processing. The root cause is a failure to validate an object’s existence before performing operations, effectively a use-after-free style flaw exposed when a user opens a malicious file or visits ...

7.8CVSS7.8AI score0.04787EPSS
CVE
CVE
added 2020/04/22 8:51 p.m.78 views

CVE-2020-10904

CVE-2020-10904 affects Foxit PhantomPDF (and Foxit Reader components) with a flaw in U3D object handling in PDF files, allowing remote code execution via write past the end of an allocated object. The vulnerability requires user interaction (visiting a malicious page or opening a malicious file) ...

7.8CVSS7.8AI score0.04826EPSS
CVE
CVE
added 2020/04/22 8:51 p.m.78 views

CVE-2020-10906

CVE-2020-10906 affects Foxit Reader/PhantomPDF (Windows) prior to 9.7.2. The flaw is in resetForm and stems from not validating the existence of an object before performing operations, enabling use-after-free that can lead to remote code execution. Exploitation requires user interaction (open a m...

7.8CVSS7.8AI score0.04787EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.77 views

CVE-2018-3944

CVE-2018-3944 is a use-after-free vulnerability in Foxit Software’s PDF Reader JavaScript engine (version 9.1.0.5096). A specially crafted PDF can trigger reuse of a freed object, leading to arbitrary code execution. Exploitation requires user interaction: the user must open the malicious PDF; if...

8.8CVSS8.2AI score0.02577EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.77 views

CVE-2019-6773

Summary: CVE-2019-6773 affects Foxit Reader 9.4.1.16828. The vulnerability arises from improper handling of the richValue property of a Field object within AcroForms, due to a missing validation of the object before performing operations. This leads to information disclosure via crafted pages/fil...

5.5CVSS5.5AI score0.03049EPSS
CVE
CVE
added 2018/08/01 8:0 p.m.76 views

CVE-2018-3924

CVE-2018-3924 describes a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine affecting Foxit PDF Reader version 9.1.5096 (and related Foxit offerings). The issue allows an attacker to trigger reuse of a previously freed memory object via a specially crafted PDF document, potenti...

8.8CVSS8.2AI score0.4414EPSS
CVE
CVE
added 2018/10/03 3:0 p.m.76 views

CVE-2018-3965

CVE-2018-3965 is a use-after-free in Foxit PDF Reader’s JavaScript engine (Foxit PDF Reader 9.1.0.5096). A specially crafted PDF can trigger reuse of freed memory, allowing arbitrary code execution. Exploitation requires user action (open the malicious PDF); if a browser plugin is enabled, visiti...

8CVSS8.3AI score0.06043EPSS
CVE
CVE
added 2020/04/22 8:50 p.m.75 views

CVE-2020-10895

CVE-2020-10895 affects Foxit PhantomPDF 9.7.1.29511 and its 3D/U3D handling in PDFs. The flaw stems from inadequate validation of user-supplied data, causing a read past the end of an allocated structure and enabling remote code execution in the context of the current process. User interaction is...

7.8CVSS7.8AI score0.04826EPSS
CVE
CVE
added 2020/04/22 8:51 p.m.75 views

CVE-2020-10913

The CVE-2020-10913 issue is a Type Confusion remote code execution in Foxit PhantomPDF/Reader caused by improper validation in the OCRAndExportToExcel command of the communication API. Exploitation requires user interaction (the target must visit a malicious page or open a malicious file). Affect...

7.8CVSS7.9AI score0.06602EPSS
CVE
CVE
added 2020/08/19 8:55 p.m.75 views

CVE-2020-15637

The CVE-2020-15637 entry concerns Foxit PhantomPDF (and related Foxit products) with a use-after-free flaw in SetLocalDescription that can disclose sensitive information. Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and is described as a local/vec...

4.3CVSS3.8AI score0.04074EPSS
CVE
CVE
added 2021/02/11 11:35 p.m.75 views

CVE-2020-27860

The CVE-2020-27860 entry affects Foxit Reader 10.0.1.35811, with the root cause in the processing of XFA templates due to insufficient validation that can cause a write past the end of an allocated data structure. This can allow remote code execution in the context of the current process, with us...

7.8CVSS8AI score0.03554EPSS
CVE
CVE
added 2018/04/23 7:0 p.m.74 views

CVE-2018-10302

CVE-2018-10302 describes a use-after-free vulnerability in Foxit Reader before 9.1 and PhantomPDF before 9.1 that can allow remote attackers to execute arbitrary code. The issue is cited as the iDefense ID V-jyb51g3mv9. Connected sources confirm the affected products (Foxit Reader/PhantomPDF) and...

7.8CVSS8.4AI score0.03247EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.74 views

CVE-2018-3961

CVE-2018-3961 is a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (version 9.1.0.5096). The flaw occurs when accessing the Creator property of the this.info object, enabling potentially arbitrary code execution. Exploitation vectors described in the connected Talos write-up ...

8CVSS7.9AI score0.02361EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.74 views

CVE-2019-6754

CVE-2019-6754 affects Foxit Reader (example: 9.3.10826) via the localFileStorage method. The flaw arises from insufficient validation of a user-supplied path used in file operations, enabling an attacker to execute code in the current process after user interaction (visit a malicious page or open...

7.8CVSS7.8AI score0.04517EPSS
CVE
CVE
added 2020/04/22 8:50 p.m.74 views

CVE-2020-10898

CVE-2020-10898 affects Foxit PhantomPDF (and Foxit Reader/3D Plugin U3DBrowser) 9.7.1.29511, due to improper validation in handling of U3D objects in PDF files. The flaw can lead to a read past the end of an allocated structure, enabling remote code execution in the context of the current process...

7.8CVSS7.8AI score0.04826EPSS
CVE
CVE
added 2021/08/11 7:34 p.m.74 views

CVE-2021-33793

The CVE-2021-33793 issue affects Foxit Reader before 10.1.4 and Foxit PhantomPDF before 10.1.4. It is an out-of-bounds write caused by mishandling of the Cross-Reference table during Office document conversion. Impact details are not elaborated beyond the out-of-bounds write; no exploitation spec...

9.8CVSS9.5AI score0.01087EPSS
CVE
CVE
added 2021/08/11 9:14 p.m.74 views

CVE-2021-38570

CVE-2021-38570 affects Foxit Reader and Foxit PhantomPDF versions prior to 10.1.4. The issue allows an attacker to delete arbitrary files during uninstallation by abusing a symlink, enabling file deletion on the user’s system. Exploitation details are not provided in the supplied documents. The v...

9.1CVSS9AI score0.01166EPSS
CVE
CVE
added 2016/04/22 2:0 p.m.73 views

CVE-2016-4065

The CVE-2016-4065 issue affects Foxit Reader and Foxit PhantomPDF on Windows, where the ConvertToPDF plugin can trigger an out-of-bounds read in image handling (JPEG/GIF/BMP) when the gflags app is enabled, causing a denial of service (application crash). Affected versions are Foxit Reader/Phanto...

7.8CVSS7.2AI score0.0274EPSS
CVE
CVE
added 2016/10/31 10:0 a.m.73 views

CVE-2016-8878

Foxit Reader and Foxit PhantomPDF (Windows) prior to 8.1 are affected by an out-of-bounds read in the XFA data stream when the gflags utility is enabled, allowing remote code execution via a crafted BMP in a PDF. Impact listed as arbitrary code execution with high severity (CVSS v3: HIGH, 8.8). A...

8.8CVSS8.7AI score0.0259EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.73 views

CVE-2018-10493

CVE-2018-10493 affects Foxit Reader 9.0.1.1049. The vulnerability is an information disclosure arising from improper validation of user-supplied data in the U3D Final Maximum Resolution attribute, causing a read past the end of an allocated object. Exploitation requires user interaction (maliciou...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.73 views

CVE-2018-11619

CVE-2018-11619 affects Foxit Reader. The vulnerability lies in the handling of the setFocus method where an object’s existence is not validated before operations, enabling a remote attacker to execute arbitrary code in the context of the current process. Exploitation requires user interaction (vi...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.73 views

CVE-2018-3943

Foxit Reader/PhantomPDF CVE-2018-3943 is a use-after-free in Foxit’s PDF Reader JavaScript engine (Foxit Reader 9.1.0.5096). A crafted PDF can reuse a freed object, allowing arbitrary code execution. Exploitation requires user action (opening the malicious file); if a browser plugin extension is ...

8.8CVSS8.2AI score0.02577EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.73 views

CVE-2019-6759

CVE-2019-6759 affects Foxit Reader (Windows) with the flaw located in the ConvertToPDF_x86.dll. The issue stems from insufficient validation of user-supplied data, allowing a write past the end of an allocated object in ConvertToPDF_x86.dll and enabling arbitrary code execution in the context of ...

7.8CVSS7.8AI score0.03484EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.73 views

CVE-2019-6772

Foxit Reader (version 2019.010.20098) is affected by CVE-2019-6772 via the removeField method in AcroForms, where the code fails to validate object existence before operations. This can lead to information disclosure and, when combined with other vulnerabilities, potential code execution in the p...

5.5CVSS5.5AI score0.02652EPSS
Total number of security vulnerabilities549