549 matches found
CVE-2020-10903
CVE-2020-10903 affects Foxit PhantomPDF 9.7.1.29511, where U3D objects in PDFs are not properly validated, causing an out-of-bounds read that can disclose sensitive data. The issue requires user interaction (visiting a malicious page or opening a malicious file) and, in combination with other vul...
CVE-2021-31458
Foxit Reader 10.1.1.37576 is affected by a remote code execution vulnerability in the handling of Annotation objects. The issue arises from not validating the existence of an object before performing operations on it, allowing an attacker to run code in the current process context after the targe...
CVE-2021-38568
CVE-2021-38568 affects Foxit Reader and Foxit PhantomPDF prior to 10.1.4. The issue is memory corruption during the conversion of a PDF document to another format. Public sources consistently describe the vulnerability but do not provide explicit exploitation details or fixes beyond noting the af...
CVE-2021-38573
Foxit Reader and Foxit PhantomPDF are affected by CVE-2021-38573. The vulnerability arises from not validating the CombineFiles pathname, enabling arbitrary file writes via this component/file handling; affected product versions are prior to 10.1.4. The issue is described across multiple sources ...
CVE-2019-20825
CVE-2019-20825 affects Foxit PhantomPDF before 8.3.11, with an out-of-bounds write when Internet Explorer is used. The issue is detailed across multiple sources (NVD, Red Hat, CNVD, CVE listings) as a high-severity vulnerability (CVSSv3.1: 9.8, NETWORK, LOW attack complexity, NONE privileges, no ...
CVE-2019-20830
Foxit Reader and Foxit PhantomPDF versions before 9.6 contain an out-of-bounds write when Internet Explorer is used (CVE-2019-20830). Connected sources confirm the affected products and the root cause, but do not provide explicit exploitation details, vectors, or remediation steps. No additional ...
CVE-2019-6755
CVE-2019-6755 affects Foxit Reader 9.3.10826. The vulnerability is a write-past-the-end in ConvertToPDF_x86.dll caused by inadequate validation of user-supplied data, leading to remote code execution in the current process. Exploitation requires user interaction (visiting a malicious page or open...
CVE-2020-10910
CVE-2020-10910 affects Foxit PhantomPDF/Reader (notably PhantomPDF 9.7.0.29478; CNVD/ZDI notes 9.7.1.29511 and earlier) where the RotatePage command handling in the communication API is vulnerable to a type confusion caused by insufficient validation of user-supplied data. This allows remote code...
CVE-2017-17557
CVE-2017-17557: Foxit Reader < 9.1 and Foxit PhantomPDF
CVE-2018-3956
CVE-2018-3956 is an out-of-bounds read/write vulnerability in Foxit Software’s PDF Reader/PhantomPDF related to handling of XFA element attributes. Affected products include Foxit Reader and Foxit PhantomPDF prior to version 9.4, with a specific reference to Foxit PDF Reader 9.1.0.5096. The vulne...
CVE-2019-6734
This CVE (CVE-2019-6734) concerns Foxit PhantomPDF/Reader components vulnerable via the JavaScript setInterval handling, leading to a use-after-free condition that can disclose memory content. Affected products are Foxit PhantomPDF (and Foxit Reader per CNVD/PRION references) with unspecified exa...
CVE-2019-6760
Foxit Reader 9.4.16811 is affected by CVE-2019-6760 due to an out-of-bounds write in ConvertToPDF_x86.dll caused by insufficient validation of user-supplied data. This allows remote attackers to execute arbitrary code, with user interaction required (the target must visit a malicious page or open...
CVE-2020-10890
Foxit PhantomPDF 9.7.0.29478 is affected by CVE-2020-10890 due to a flaw in the communication API’s ConvertToPDF command that allows an attacker-controlled data write to arbitrary files, enabling remote code execution in the context of the current process. Exploitation requires user interaction (...
CVE-2018-14248
CVE-2018-14248 affects Foxit Reader (FXR) with a vulnerability in the exportAsXFDF method that can trigger a type-confusion condition and lead to remote Code Execution. The issue requires user interaction (visiting a malicious page or opening a malicious file) and is documented in advisories such...
CVE-2018-20311
CVE-2018-20311 affects Foxit Reader before 9.5 and Foxit PhantomPDF before 8.3.10 and 9.x before 9.5. The issue is a proxyCPDFAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. The description does not specify affected versions beyond those ranges or expl...
CVE-2018-3957
Foxit PDF Reader 9.1.0.5096 contains a use-after-free in the JavaScript engine triggered by accessing the this.info Keywords property. An attacker can exploit this by convincing a user to open a malicious PDF file; if the browser plugin extension is enabled, visiting a malicious site may also tri...
CVE-2020-10894
The CVE-2020-10894 issue affects Foxit PhantomPDF 9.7.1.29511 (U3D object handling) and is caused by insufficient validation of user-supplied data, leading to a read past the end of an allocated object (out-of-bounds read). This enables remote information disclosure with user interaction required...
CVE-2020-10911
CVE-2020-10911 affects Foxit PhantomPDF (and Foxit Reader/PhantomPDF family in some sources) with a type-confusion flaw in the GetFieldValue handling of the communication API that enables remote code execution. Exploitation requires user interaction (e.g., opening a malicious file/page). The vuln...
CVE-2021-27261
CVE-2021-27261 affects Foxit PhantomPDF (v10.1.0.37527) and is caused by improper validation in the handling of PDF U3D objects, leading to an out-of-bounds read and remote code execution. The vulnerability allows an attacker to run arbitrary code in the context of the current process when a user...
CVE-2015-8580
CVE-2015-8580 affects Foxit Reader and Foxit PhantomPDF prior to version 7.2.2. The vulnerabilities are use-after-free in the Print method and in App object handling, enabling remote code execution via a crafted PDF document. Remediation is to upgrade to Foxit Reader/PhantomPDF 7.2.2 or later. Av...
CVE-2018-14260
Foxit Reader CVE-2018-14260 is a type-confusion remote code execution in getPageRotation that affects Foxit Reader 9.0.1.1049. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The flaw lets an attacker execute code in the current process context via ...
CVE-2018-14292
CVE-2018-14292 affects Foxit Reader (e.g., 9.0.1.5096 and older) where a vulnerability in PDF parsing can cause a use-after-free in document element handling, enabling remote code execution in the current process. Exploitation requires user interaction (target must open a malicious page or file)....
CVE-2018-14304
Foxit Reader vulnerable to a Use-After-Free in the Text annotation handling that can allow remote code execution. Affected products include Foxit Reader prior to version 9.2.0.9097 (and Foxit PhantomPDF), with exploitation requiring user interaction (visiting a malicious page or opening a crafted...
CVE-2018-14442
Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free vulnerability that leads to Remote Code Execution. The connected documents consistently identify a memory misreference/UAF as the root cause and confirm impact as RCE. No exploit details or in-the-wild status are provided. Re...
CVE-2018-3946
CVE-2018-3946 : A use-after-free in Foxit PDF Reader’s JavaScript engine (version 9.1.0.5096) allows arbitrary code execution. A specially crafted PDF can reuse a freed memory object, enabling exploitation. User interaction is required: the attacker must persuade the user to open a malicious PDF;...
CVE-2019-6761
Foxit Reader 9.4.0.16811 is affected by a vulnerability in the XFA CXFA_FFDocView object where the code fails to validate the existence of an object before performing operations, enabling arbitrary code execution. Exploitation requires user interaction (visitor to a malicious page/file). The issu...
CVE-2019-6766
CVE-2019-6766 affects Foxit Reader 9.4.1.16828. The flaw is in removeField for AcroForms, caused by not validating the existence of the target object before operations. This enables remote information disclosure; exploitation requires user interaction (visiting a malicious page or opening a malic...
CVE-2020-10892
CVE-2020-10892 affects Foxit PhantomPDF (and Foxit Reader/PhantomPDF family) with a vulnerability in the API communication handling of the CombineFiles command. The flaw allows an attacker to write an arbitrary file with data under attacker control, enabling remote code execution in the context o...
CVE-2020-17416
CVE-2020-17416 affects Foxit Reader (and related Foxit PhantomPDF components) where the flaw is in JPEG2000 image parsing. The vulnerability is an out-of-bounds write that can allow remote code execution in the context of the affected process. It requires user interaction (target must open a mali...
CVE-2021-31456
CVE-2021-31456 affects Foxit Reader 10.1.1.37576 and describes remote code execution via the handling of Annotation objects. The root cause is the lack of validating the existence of an object before performing operations on it, enabling an attacker to run code in the context of the current proce...
CVE-2018-10483
Foxit Reader 9.0.0.29935 is affected by CVE-2018-10483. The issue occurs in the parsing of U3D Clod Progressive Mesh objects and results from improper validation of user-supplied data, causing a write past the end of an allocated object . This enables remote code execution in the context of the c...
CVE-2018-14243
CVE-2018-14243 concerns Foxit Reader. Multiple connected sources (ZDI-18-703, CNVD-2018-14462, OpenVAS entry) describe a type confusion vulnerability in the addPageOpenJSMessage method that allows remote code execution when a user opens a malicious page/file and executes JavaScript. Affected prod...
CVE-2018-14250
CVE-2018-14250 affects Foxit Reader (and Foxit PhantomPDF) with a getAnnot type-confusion vulnerability that allows remote code execution. Root cause: type confusion in getAnnot triggered by JavaScript actions, requiring user interaction (visiting a malicious page or opening a malicious file). Ex...
CVE-2018-14279
Foxit Reader CVE-2018-14279 is a remote code execution due to a type confusion in the resetForm method. Exploitation requires user interaction (visit a malicious page or open a malicious file). Affected product scope includes Foxit Reader (versions before the latest provided in advisories) and is...
CVE-2018-14303
Overview: CVE-2018-14303 affects Foxit Reader 9.0.1.5096 and Foxit PhantomPDF pre-9.2.0.9097. The flaw exists in StrikeOut annotation handling and is a use-after-free vulnerability that can allow remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a...
CVE-2018-3941
CVE-2018-3941 describes a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine affecting version 9.1.0.5096. A specially crafted PDF can trigger reuse of a previously freed object in memory, enabling arbitrary code execution. Exploitation requires the user to open a malicious file...
CVE-2019-6762
CVE-2019-6762 affects Foxit PhantomPDF 9.4.1.16828. The flaw occurs in the HTML-to-PDF conversion where the code fails to validate the existence of an object before performing operations, enabling remote code execution in the context of the current process. User interaction is required (visiting ...
CVE-2019-6767
CVE-2019-6767 affects Foxit Reader 9.4.1.16828. The flaw is in the removeField processing of AcroForms , where the code fails to validate an object’s existence before performing operations, enabling remote code execution . Exploitation requires user interaction (visiting a malicious page or openi...
CVE-2020-10889
Foxit PhantomPDF 9.7.0.29478 is affected by CVE-2020-10889. The issue lies in the DuplicatePages command handling within the communication API, caused by improper validation of user-supplied data leading to a type confusion. This allows remote code execution in the context of the current process ...
CVE-2021-31450
CVE-2021-31450 affects Foxit Reader 10.1.1.37576 (and related versions) where a fault in handling XFA forms permits remote code execution after tricking a user into opening a malicious page or file. The root cause is a failure to validate the existence of an object before performing operations on...
CVE-2021-31452
Foxit Reader 10.1.1.37576 and earlier is affected by a remote code execution vulnerability in the handling of XFA forms. The issue stems from insufficient validation of user-supplied data, leading to a write past the end of an allocated data structure and enabling code execution in the attacker’s...
CVE-2017-5556
The CVE-2017-5556 issue affects Foxit Reader (ConvertToPDF plugin) and Foxit PhantomPDF on Windows, where the ConvertToPDF plugin is vulnerable before version 8.2 when the gflags app is enabled. A crafted JPEG image can trigger an out-of-bounds read, causing a denial of service (application crash...
CVE-2018-14252
Foxit Reader 9.0.1.1049 is affected by CVE-2018-14252 due to a type confusion in getField. Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and can lead to remote arbitrary code execution in the current process. Connected advisories (ZDI-18-712, CNVD-...
CVE-2018-14312
CVE-2018-14312 affects Foxit Reader 9.0.1.5096 due to a use-after-free in the exportAsFDF function, caused by not validating object existence before dereferencing. This enables remote code execution when a user opens a malicious file or visits a malicious page. Connected sources confirm the vulne...
CVE-2018-3960
CVE-2018-3960 is a use-after-free in Foxit PDF Reader’s JavaScript engine (version 9.1.0.5096). The vulnerability occurs when accessing the Producer property of the this.info object. Exploitation depends on social/drive-by user action: a user must open a specially crafted malicious PDF file, or, ...
CVE-2018-3967
Foxit PDF Reader 9.1.0.5096 contains a use-after-free in the JavaScript engine. A specially crafted PDF can cause a previously freed object to be reused, enabling arbitrary code execution. Exploitation requires user action (opening the crafted file); if the browser plugin is enabled, visiting a m...
CVE-2019-6756
CVE-2019-6756 affects Foxit PhantomPDF (version 9.4.0.16811) and Foxit Reader/PhantomPDF family in several disclosures. Description across sources indicates a vulnerability in the parsing of HTML files where the code fails to validate an object’s existence before performing operations on it. This...
CVE-2019-6757
CVE-2019-6757 affects Foxit Reader 9.4.16811. The flaw is in ConvertToPDF_x86.dll and stems from not validating the existence of an object before performing operations, enabling remote code execution after user interaction (visit a malicious page or open a malicious file). The current process con...
CVE-2020-11493
CVE-2020-11493 affects Foxit Reader and PhantomPDF prior to 10.0.1 and 9.7.3 respectively. The issue stems from a direct transformation from a PDF Object to a Stream without adequately handling a crafted XObject, allowing an uninitialized object to leak sensitive information. The result is an inf...
CVE-2021-27264
CVE-2021-27264 affects Foxit PhantomPDF 10.1.0.37527. The vulnerability stems from improper validation in the handling of embedded U3D objects within PDF files, leading to an out-of-bounds read (read past end of an allocated object). This can allow a remote attacker who entices a user to view a m...