Phantompdf Security Vulnerabilities and Issues — Page 2 of Phantompdf CVE List

Lucene search

FoxitsoftwarePhantompdf

549 matches found

CVE•added 2020/01/16 10:15 p.m.•81 views

CVE-2019-5126

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the...

8.8CVSS8.7AI score0.04604EPSS

CVE•added 2019/10/02 4:15 p.m.•80 views

CVE-2019-5031

An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn't handled properly, resulting in arbitrary code execution. An attacker needs to...

8.8CVSS8.8AI score0.01021EPSS

CVE•added 2021/05/21 3:15 p.m.•80 views

CVE-2021-31473

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the browse...

7.8CVSS8.4AI score0.01606EPSS

CVE•added 2020/04/22 9:15 p.m.•75 views

CVE-2020-10902

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the han...

7.8CVSS7.8AI score0.0284EPSS

CVE•added 2018/05/17 3:29 p.m.•73 views

CVE-2018-9948

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

6.5CVSS7.1AI score0.87518EPSS

CVE•added 2021/07/09 6:15 p.m.•73 views

CVE-2021-33792

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write via a crafted /Size key in the Trailer dictionary.

7.8CVSS7.5AI score0.00035EPSS

CVE•added 2020/04/22 9:15 p.m.•71 views

CVE-2020-10907

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

7.8CVSS7.8AI score0.03065EPSS

CVE•added 2018/10/08 4:29 p.m.•69 views

CVE-2018-3942

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user t...

8.8CVSS8.3AI score0.00268EPSS

CVE•added 2020/04/22 9:15 p.m.•69 views

CVE-2020-10901

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

4.3CVSS3.3AI score0.11393EPSS

CVE•added 2020/04/22 9:15 p.m.•68 views

CVE-2020-10893

7.8CVSS7.8AI score0.0284EPSS

CVE•added 2018/10/03 3:29 p.m.•67 views

CVE-2018-3993

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the u...

8.8CVSS8.3AI score0.00268EPSS

CVE•added 2019/06/03 7:29 p.m.•67 views

CVE-2019-6764

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the proce...

7.8CVSS7.8AI score0.00758EPSS

CVE•added 2020/08/20 1:17 a.m.•67 views

CVE-2020-15638

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Nod...

7.8CVSS7.9AI score0.00889EPSS

CVE•added 2018/08/01 8:29 p.m.•66 views

CVE-2018-3939

8.8CVSS8.7AI score0.12954EPSS

CVE•added 2018/10/02 9:29 p.m.•66 views

CVE-2018-3962

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the CreationDate property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger th...

8CVSS7.6AI score0.00127EPSS

CVE•added 2020/04/22 9:15 p.m.•65 views

CVE-2020-10909

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the han...

7.8CVSS7.9AI score0.00374EPSS

CVE•added 2021/07/09 6:15 p.m.•65 views

CVE-2021-33795

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorrect PDF document signatures because the certificate name, document owner, and signature author are mishandled.

5.5CVSS5.6AI score0.00023EPSS

CVE•added 2018/10/03 3:29 p.m.•64 views

CVE-2018-3965

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the u...

8CVSS8.3AI score0.15916EPSS

CVE•added 2020/04/22 9:15 p.m.•64 views

CVE-2020-10903

4.3CVSS3.3AI score0.11393EPSS

CVE•added 2021/08/11 10:15 p.m.•64 views

CVE-2021-38574

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows SQL Injection via crafted data at the end of a string.

9.8CVSS9.7AI score0.00028EPSS

CVE•added 2018/08/01 8:29 p.m.•63 views

CVE-2018-3924

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the use...

8.8CVSS8.2AI score0.48335EPSS

CVE•added 2018/10/02 9:29 p.m.•63 views

CVE-2018-3944

8.8CVSS8.2AI score0.003EPSS

CVE•added 2020/04/22 9:15 p.m.•63 views

CVE-2020-10900

7.8CVSS7.8AI score0.03065EPSS

CVE•added 2020/04/22 9:15 p.m.•63 views

CVE-2020-10904

7.8CVSS7.8AI score0.0284EPSS

CVE•added 2020/04/22 9:15 p.m.•63 views

CVE-2020-10906

7.8CVSS7.8AI score0.03065EPSS

CVE•added 2020/04/22 9:15 p.m.•63 views

CVE-2020-10908

7.8CVSS7.9AI score0.00374EPSS

CVE•added 2020/10/13 5:15 p.m.•63 views

CVE-2020-17410

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the pa...

7.8CVSS7.8AI score0.01963EPSS

CVE•added 2019/06/03 7:29 p.m.•62 views

CVE-2019-6773

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

5.5CVSS5.5AI score0.01667EPSS

CVE•added 2020/04/22 9:15 p.m.•62 views

CVE-2020-10891

7.8CVSS7.9AI score0.00374EPSS

CVE•added 2021/01/07 6:15 p.m.•61 views

CVE-2018-18688

The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annot...

5.3CVSS5.8AI score0.00007EPSS

CVE•added 2019/06/03 7:29 p.m.•61 views

CVE-2019-6754

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the localFi...

7.8CVSS7.8AI score0.01445EPSS

CVE•added 2019/06/03 7:29 p.m.•61 views

CVE-2019-6772

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...

5.5CVSS5.5AI score0.00647EPSS

CVE•added 2020/04/22 9:15 p.m.•61 views

CVE-2020-10898

7.8CVSS7.8AI score0.0284EPSS

CVE•added 2020/04/22 9:15 p.m.•61 views

CVE-2020-10912

7.8CVSS7.9AI score0.00374EPSS

CVE•added 2021/02/12 12:15 a.m.•61 views

CVE-2020-27860

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the proces...

7.8CVSS8AI score0.04567EPSS

CVE•added 2016/10/31 10:59 a.m.•60 views

CVE-2016-8875

The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image, aka "Data from Faulting Address is used as one or more arguments in...

5.3CVSS6.4AI score0.00088EPSS

CVE•added 2020/04/22 9:15 p.m.•60 views

CVE-2020-10894

4.3CVSS3.3AI score0.11393EPSS

CVE•added 2020/04/22 9:15 p.m.•60 views

CVE-2020-10895

7.8CVSS7.8AI score0.0284EPSS

CVE•added 2020/04/22 9:15 p.m.•60 views

CVE-2020-10913

7.8CVSS7.9AI score0.0079EPSS

CVE•added 2019/01/30 10:29 p.m.•59 views

CVE-2018-3956

An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in exploitation when co...

7.1CVSS6.7AI score0.11084EPSS

CVE•added 2020/06/04 5:15 p.m.•59 views

CVE-2019-20825

An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an out-of-bounds write when Internet Explorer is used.

9.8CVSS9.4AI score0.00023EPSS

CVE•added 2019/06/03 7:29 p.m.•59 views

CVE-2019-6760

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPD...

7.8CVSS7.8AI score0.00744EPSS

CVE•added 2021/08/11 10:15 p.m.•59 views

CVE-2021-38570

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink.

9.1CVSS9AI score0.0004EPSS

CVE•added 2018/10/02 9:29 p.m.•58 views

CVE-2018-3943

8.8CVSS8.2AI score0.003EPSS

CVE•added 2019/06/03 7:29 p.m.•58 views

CVE-2019-6759

7.8CVSS7.8AI score0.00744EPSS

CVE•added 2021/08/11 10:15 p.m.•58 views

CVE-2021-38568

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows memory corruption during conversion of a PDF document to a different document format.

9.8CVSS9.5AI score0.00027EPSS

CVE•added 2021/08/11 10:15 p.m.•58 views

CVE-2021-38573

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because a CombineFiles pathname is not validated.

9.8CVSS9.3AI score0.00023EPSS

CVE•added 2018/10/02 9:29 p.m.•57 views

CVE-2018-3957

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Keywords property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this v...

8CVSS7.9AI score0.0022EPSS

CVE•added 2018/10/02 9:29 p.m.•57 views

CVE-2018-3961

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Creator property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vu...

8CVSS7.9AI score0.06944EPSS

CVE•added 2019/06/03 7:29 p.m.•57 views

CVE-2019-6755

7.8CVSS7.8AI score0.00401EPSS

Total number of security vulnerabilities549