Lucene search
K
FoxitsoftwarePhantompdf

549 matches found

CVE
CVE
added 2020/04/22 8:51 p.m.73 views

CVE-2020-10903

CVE-2020-10903 affects Foxit PhantomPDF 9.7.1.29511, where U3D objects in PDFs are not properly validated, causing an out-of-bounds read that can disclose sensitive data. The issue requires user interaction (visiting a malicious page or opening a malicious file) and, in combination with other vul...

4.3CVSS3.3AI score0.03405EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.73 views

CVE-2021-31458

Foxit Reader 10.1.1.37576 is affected by a remote code execution vulnerability in the handling of Annotation objects. The issue arises from not validating the existence of an object before performing operations on it, allowing an attacker to run code in the current process context after the targe...

7.8CVSS8.4AI score0.02755EPSS
CVE
CVE
added 2021/08/11 9:14 p.m.73 views

CVE-2021-38568

CVE-2021-38568 affects Foxit Reader and Foxit PhantomPDF prior to 10.1.4. The issue is memory corruption during the conversion of a PDF document to another format. Public sources consistently describe the vulnerability but do not provide explicit exploitation details or fixes beyond noting the af...

9.8CVSS9.5AI score0.01087EPSS
CVE
CVE
added 2021/08/11 9:12 p.m.73 views

CVE-2021-38573

Foxit Reader and Foxit PhantomPDF are affected by CVE-2021-38573. The vulnerability arises from not validating the CombineFiles pathname, enabling arbitrary file writes via this component/file handling; affected product versions are prior to 10.1.4. The issue is described across multiple sources ...

9.8CVSS9.3AI score0.01117EPSS
CVE
CVE
added 2020/06/04 4:58 p.m.72 views

CVE-2019-20825

CVE-2019-20825 affects Foxit PhantomPDF before 8.3.11, with an out-of-bounds write when Internet Explorer is used. The issue is detailed across multiple sources (NVD, Red Hat, CNVD, CVE listings) as a high-severity vulnerability (CVSSv3.1: 9.8, NETWORK, LOW attack complexity, NONE privileges, no ...

9.8CVSS9.4AI score0.01149EPSS
CVE
CVE
added 2020/06/04 4:52 p.m.72 views

CVE-2019-20830

Foxit Reader and Foxit PhantomPDF versions before 9.6 contain an out-of-bounds write when Internet Explorer is used (CVE-2019-20830). Connected sources confirm the affected products and the root cause, but do not provide explicit exploitation details, vectors, or remediation steps. No additional ...

9.8CVSS9.5AI score0.01717EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.72 views

CVE-2019-6755

CVE-2019-6755 affects Foxit Reader 9.3.10826. The vulnerability is a write-past-the-end in ConvertToPDF_x86.dll caused by inadequate validation of user-supplied data, leading to remote code execution in the current process. Exploitation requires user interaction (visiting a malicious page or open...

7.8CVSS7.8AI score0.03455EPSS
CVE
CVE
added 2020/04/22 8:51 p.m.72 views

CVE-2020-10910

CVE-2020-10910 affects Foxit PhantomPDF/Reader (notably PhantomPDF 9.7.0.29478; CNVD/ZDI notes 9.7.1.29511 and earlier) where the RotatePage command handling in the communication API is vulnerable to a type confusion caused by insufficient validation of user-supplied data. This allows remote code...

7.8CVSS7.9AI score0.04787EPSS
CVE
CVE
added 2018/04/24 8:0 p.m.71 views

CVE-2017-17557

CVE-2017-17557: Foxit Reader < 9.1 and Foxit PhantomPDF

8.8CVSS8.7AI score0.03643EPSS
CVE
CVE
added 2019/01/30 10:0 p.m.71 views

CVE-2018-3956

CVE-2018-3956 is an out-of-bounds read/write vulnerability in Foxit Software’s PDF Reader/PhantomPDF related to handling of XFA element attributes. Affected products include Foxit Reader and Foxit PhantomPDF prior to version 9.4, with a specific reference to Foxit PDF Reader 9.1.0.5096. The vulne...

7.1CVSS6.7AI score0.49566EPSS
CVE
CVE
added 2019/03/19 7:56 p.m.71 views

CVE-2019-6734

This CVE (CVE-2019-6734) concerns Foxit PhantomPDF/Reader components vulnerable via the JavaScript setInterval handling, leading to a use-after-free condition that can disclose memory content. Affected products are Foxit PhantomPDF (and Foxit Reader per CNVD/PRION references) with unspecified exa...

6.5CVSS6.2AI score0.04203EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.71 views

CVE-2019-6760

Foxit Reader 9.4.16811 is affected by CVE-2019-6760 due to an out-of-bounds write in ConvertToPDF_x86.dll caused by insufficient validation of user-supplied data. This allows remote attackers to execute arbitrary code, with user interaction required (the target must visit a malicious page or open...

7.8CVSS7.8AI score0.03484EPSS
CVE
CVE
added 2020/04/22 8:50 p.m.71 views

CVE-2020-10890

Foxit PhantomPDF 9.7.0.29478 is affected by CVE-2020-10890 due to a flaw in the communication API’s ConvertToPDF command that allows an attacker-controlled data write to arbitrary files, enabling remote code execution in the context of the current process. Exploitation requires user interaction (...

8.8CVSS8.8AI score0.0217EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.70 views

CVE-2018-14248

CVE-2018-14248 affects Foxit Reader (FXR) with a vulnerability in the exportAsXFDF method that can trigger a type-confusion condition and lead to remote Code Execution. The issue requires user interaction (visiting a malicious page or opening a malicious file) and is documented in advisories such...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2021/01/07 4:58 p.m.70 views

CVE-2018-20311

CVE-2018-20311 affects Foxit Reader before 9.5 and Foxit PhantomPDF before 8.3.10 and 9.x before 9.5. The issue is a proxyCPDFAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. The description does not specify affected versions beyond those ranges or expl...

8.1CVSS8.1AI score0.00816EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.70 views

CVE-2018-3957

Foxit PDF Reader 9.1.0.5096 contains a use-after-free in the JavaScript engine triggered by accessing the this.info Keywords property. An attacker can exploit this by convincing a user to open a malicious PDF file; if the browser plugin extension is enabled, visiting a malicious site may also tri...

8CVSS7.9AI score0.02895EPSS
CVE
CVE
added 2020/04/22 8:50 p.m.70 views

CVE-2020-10894

The CVE-2020-10894 issue affects Foxit PhantomPDF 9.7.1.29511 (U3D object handling) and is caused by insufficient validation of user-supplied data, leading to a read past the end of an allocated object (out-of-bounds read). This enables remote information disclosure with user interaction required...

4.3CVSS3.3AI score0.03311EPSS
CVE
CVE
added 2020/04/22 8:51 p.m.70 views

CVE-2020-10911

CVE-2020-10911 affects Foxit PhantomPDF (and Foxit Reader/PhantomPDF family in some sources) with a type-confusion flaw in the GetFieldValue handling of the communication API that enables remote code execution. Exploitation requires user interaction (e.g., opening a malicious file/page). The vuln...

7.8CVSS7.9AI score0.04689EPSS
CVE
CVE
added 2021/03/30 2:35 p.m.70 views

CVE-2021-27261

CVE-2021-27261 affects Foxit PhantomPDF (v10.1.0.37527) and is caused by improper validation in the handling of PDF U3D objects, leading to an out-of-bounds read and remote code execution. The vulnerability allows an attacker to run arbitrary code in the context of the current process when a user...

7.8CVSS7.8AI score0.02691EPSS
CVE
CVE
added 2015/12/16 9:0 p.m.69 views

CVE-2015-8580

CVE-2015-8580 affects Foxit Reader and Foxit PhantomPDF prior to version 7.2.2. The vulnerabilities are use-after-free in the Print method and in App object handling, enabling remote code execution via a crafted PDF document. Remediation is to upgrade to Foxit Reader/PhantomPDF 7.2.2 or later. Av...

6.8CVSS7.8AI score0.03691EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.69 views

CVE-2018-14260

Foxit Reader CVE-2018-14260 is a type-confusion remote code execution in getPageRotation that affects Foxit Reader 9.0.1.1049. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The flaw lets an attacker execute code in the current process context via ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.69 views

CVE-2018-14292

CVE-2018-14292 affects Foxit Reader (e.g., 9.0.1.5096 and older) where a vulnerability in PDF parsing can cause a use-after-free in document element handling, enabling remote code execution in the current process. Exploitation requires user interaction (target must open a malicious page or file)....

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.69 views

CVE-2018-14304

Foxit Reader vulnerable to a Use-After-Free in the Text annotation handling that can allow remote code execution. Affected products include Foxit Reader prior to version 9.2.0.9097 (and Foxit PhantomPDF), with exploitation requiring user interaction (visiting a malicious page or opening a crafted...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/20 12:0 p.m.69 views

CVE-2018-14442

Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free vulnerability that leads to Remote Code Execution. The connected documents consistently identify a memory misreference/UAF as the root cause and confirm impact as RCE. No exploit details or in-the-wild status are provided. Re...

9.8CVSS9.5AI score0.04739EPSS
CVE
CVE
added 2018/10/03 3:0 p.m.69 views

CVE-2018-3946

CVE-2018-3946 : A use-after-free in Foxit PDF Reader’s JavaScript engine (version 9.1.0.5096) allows arbitrary code execution. A specially crafted PDF can reuse a freed memory object, enabling exploitation. User interaction is required: the attacker must persuade the user to open a malicious PDF;...

8.8CVSS8.2AI score0.03155EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.69 views

CVE-2019-6761

Foxit Reader 9.4.0.16811 is affected by a vulnerability in the XFA CXFA_FFDocView object where the code fails to validate the existence of an object before performing operations, enabling arbitrary code execution. Exploitation requires user interaction (visitor to a malicious page/file). The issu...

7.8CVSS7.8AI score0.03484EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.69 views

CVE-2019-6766

CVE-2019-6766 affects Foxit Reader 9.4.1.16828. The flaw is in removeField for AcroForms, caused by not validating the existence of the target object before operations. This enables remote information disclosure; exploitation requires user interaction (visiting a malicious page or opening a malic...

5.5CVSS5.5AI score0.02652EPSS
CVE
CVE
added 2020/04/22 8:50 p.m.69 views

CVE-2020-10892

CVE-2020-10892 affects Foxit PhantomPDF (and Foxit Reader/PhantomPDF family) with a vulnerability in the API communication handling of the CombineFiles command. The flaw allows an attacker to write an arbitrary file with data under attacker control, enabling remote code execution in the context o...

8.8CVSS8.8AI score0.0217EPSS
CVE
CVE
added 2020/10/13 5:10 p.m.69 views

CVE-2020-17416

CVE-2020-17416 affects Foxit Reader (and related Foxit PhantomPDF components) where the flaw is in JPEG2000 image parsing. The vulnerability is an out-of-bounds write that can allow remote code execution in the context of the affected process. It requires user interaction (target must open a mali...

7.8CVSS7.8AI score0.09084EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.69 views

CVE-2021-31456

CVE-2021-31456 affects Foxit Reader 10.1.1.37576 and describes remote code execution via the handling of Annotation objects. The root cause is the lack of validating the existence of an object before performing operations on it, enabling an attacker to run code in the context of the current proce...

7.8CVSS8.4AI score0.02778EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.68 views

CVE-2018-10483

Foxit Reader 9.0.0.29935 is affected by CVE-2018-10483. The issue occurs in the parsing of U3D Clod Progressive Mesh objects and results from improper validation of user-supplied data, causing a write past the end of an allocated object . This enables remote code execution in the context of the c...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.68 views

CVE-2018-14243

CVE-2018-14243 concerns Foxit Reader. Multiple connected sources (ZDI-18-703, CNVD-2018-14462, OpenVAS entry) describe a type confusion vulnerability in the addPageOpenJSMessage method that allows remote code execution when a user opens a malicious page/file and executes JavaScript. Affected prod...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.68 views

CVE-2018-14250

CVE-2018-14250 affects Foxit Reader (and Foxit PhantomPDF) with a getAnnot type-confusion vulnerability that allows remote code execution. Root cause: type confusion in getAnnot triggered by JavaScript actions, requiring user interaction (visiting a malicious page or opening a malicious file). Ex...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.68 views

CVE-2018-14279

Foxit Reader CVE-2018-14279 is a remote code execution due to a type confusion in the resetForm method. Exploitation requires user interaction (visit a malicious page or open a malicious file). Affected product scope includes Foxit Reader (versions before the latest provided in advisories) and is...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.68 views

CVE-2018-14303

Overview: CVE-2018-14303 affects Foxit Reader 9.0.1.5096 and Foxit PhantomPDF pre-9.2.0.9097. The flaw exists in StrikeOut annotation handling and is a use-after-free vulnerability that can allow remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.68 views

CVE-2018-3941

CVE-2018-3941 describes a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine affecting version 9.1.0.5096. A specially crafted PDF can trigger reuse of a previously freed object in memory, enabling arbitrary code execution. Exploitation requires the user to open a malicious file...

8.8CVSS8.3AI score0.03155EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.68 views

CVE-2019-6762

CVE-2019-6762 affects Foxit PhantomPDF 9.4.1.16828. The flaw occurs in the HTML-to-PDF conversion where the code fails to validate the existence of an object before performing operations, enabling remote code execution in the context of the current process. User interaction is required (visiting ...

7.8CVSS7.8AI score0.03484EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.68 views

CVE-2019-6767

CVE-2019-6767 affects Foxit Reader 9.4.1.16828. The flaw is in the removeField processing of AcroForms , where the code fails to validate an object’s existence before performing operations, enabling remote code execution . Exploitation requires user interaction (visiting a malicious page or openi...

7.8CVSS7.8AI score0.03871EPSS
CVE
CVE
added 2020/04/22 8:50 p.m.68 views

CVE-2020-10889

Foxit PhantomPDF 9.7.0.29478 is affected by CVE-2020-10889. The issue lies in the DuplicatePages command handling within the communication API, caused by improper validation of user-supplied data leading to a type confusion. This allows remote code execution in the context of the current process ...

7.8CVSS7.9AI score0.04689EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.68 views

CVE-2021-31450

CVE-2021-31450 affects Foxit Reader 10.1.1.37576 (and related versions) where a fault in handling XFA forms permits remote code execution after tricking a user into opening a malicious page or file. The root cause is a failure to validate the existence of an object before performing operations on...

7.8CVSS8.4AI score0.02784EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.68 views

CVE-2021-31452

Foxit Reader 10.1.1.37576 and earlier is affected by a remote code execution vulnerability in the handling of XFA forms. The issue stems from insufficient validation of user-supplied data, leading to a write past the end of an allocated data structure and enabling code execution in the attacker’s...

7.8CVSS8.4AI score0.02933EPSS
CVE
CVE
added 2017/01/23 6:49 a.m.67 views

CVE-2017-5556

The CVE-2017-5556 issue affects Foxit Reader (ConvertToPDF plugin) and Foxit PhantomPDF on Windows, where the ConvertToPDF plugin is vulnerable before version 8.2 when the gflags app is enabled. A crafted JPEG image can trigger an out-of-bounds read, causing a denial of service (application crash...

8.1CVSS7.9AI score0.0377EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.67 views

CVE-2018-14252

Foxit Reader 9.0.1.1049 is affected by CVE-2018-14252 due to a type confusion in getField. Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and can lead to remote arbitrary code execution in the current process. Connected advisories (ZDI-18-712, CNVD-...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.67 views

CVE-2018-14312

CVE-2018-14312 affects Foxit Reader 9.0.1.5096 due to a use-after-free in the exportAsFDF function, caused by not validating object existence before dereferencing. This enables remote code execution when a user opens a malicious file or visits a malicious page. Connected sources confirm the vulne...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.67 views

CVE-2018-3960

CVE-2018-3960 is a use-after-free in Foxit PDF Reader’s JavaScript engine (version 9.1.0.5096). The vulnerability occurs when accessing the Producer property of the this.info object. Exploitation depends on social/drive-by user action: a user must open a specially crafted malicious PDF file, or, ...

8CVSS7.9AI score0.02361EPSS
CVE
CVE
added 2018/10/03 3:0 p.m.67 views

CVE-2018-3967

Foxit PDF Reader 9.1.0.5096 contains a use-after-free in the JavaScript engine. A specially crafted PDF can cause a previously freed object to be reused, enabling arbitrary code execution. Exploitation requires user action (opening the crafted file); if the browser plugin is enabled, visiting a m...

8CVSS8.3AI score0.06219EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.67 views

CVE-2019-6756

CVE-2019-6756 affects Foxit PhantomPDF (version 9.4.0.16811) and Foxit Reader/PhantomPDF family in several disclosures. Description across sources indicates a vulnerability in the parsing of HTML files where the code fails to validate an object’s existence before performing operations on it. This...

5.5CVSS5.7AI score0.02784EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.67 views

CVE-2019-6757

CVE-2019-6757 affects Foxit Reader 9.4.16811. The flaw is in ConvertToPDF_x86.dll and stems from not validating the existence of an object before performing operations, enabling remote code execution after user interaction (visit a malicious page or open a malicious file). The current process con...

7.8CVSS7.8AI score0.03557EPSS
CVE
CVE
added 2020/09/04 3:31 a.m.67 views

CVE-2020-11493

CVE-2020-11493 affects Foxit Reader and PhantomPDF prior to 10.0.1 and 9.7.3 respectively. The issue stems from a direct transformation from a PDF Object to a Stream without adequately handling a crafted XObject, allowing an uninitialized object to leak sensitive information. The result is an inf...

8.1CVSS7.6AI score0.00932EPSS
CVE
CVE
added 2021/03/30 2:35 p.m.67 views

CVE-2021-27264

CVE-2021-27264 affects Foxit PhantomPDF 10.1.0.37527. The vulnerability stems from improper validation in the handling of embedded U3D objects within PDF files, leading to an out-of-bounds read (read past end of an allocated object). This can allow a remote attacker who entices a user to view a m...

4.3CVSS3.8AI score0.02187EPSS
Total number of security vulnerabilities549