Lucene search
K
FoxitsoftwarePhantompdf

549 matches found

CVE
CVE
added 2018/10/03 3:0 p.m.67 views

CVE-2018-3967

Foxit PDF Reader 9.1.0.5096 contains a use-after-free in the JavaScript engine. A specially crafted PDF can cause a previously freed object to be reused, enabling arbitrary code execution. Exploitation requires user action (opening the crafted file); if the browser plugin is enabled, visiting a m...

8CVSS8.3AI score0.06219EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.67 views

CVE-2019-6756

CVE-2019-6756 affects Foxit PhantomPDF (version 9.4.0.16811) and Foxit Reader/PhantomPDF family in several disclosures. Description across sources indicates a vulnerability in the parsing of HTML files where the code fails to validate an object’s existence before performing operations on it. This...

5.5CVSS5.7AI score0.02784EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.67 views

CVE-2019-6757

CVE-2019-6757 affects Foxit Reader 9.4.16811. The flaw is in ConvertToPDF_x86.dll and stems from not validating the existence of an object before performing operations, enabling remote code execution after user interaction (visit a malicious page or open a malicious file). The current process con...

7.8CVSS7.8AI score0.03557EPSS
CVE
CVE
added 2020/04/22 8:50 p.m.67 views

CVE-2020-10897

CVE-2020-10897 affects Foxit PhantomPDF 9.7.1.29511. The flaw is in PDF U3D object handling where inadequate validation allows a write past the end of an allocated object, enabling code execution in the current process. User interaction is required (malicious page or file). Root cause and impact ...

7.8CVSS7.8AI score0.04826EPSS
CVE
CVE
added 2021/03/30 2:35 p.m.67 views

CVE-2021-27264

CVE-2021-27264 affects Foxit PhantomPDF 10.1.0.37527. The vulnerability stems from improper validation in the handling of embedded U3D objects within PDF files, leading to an out-of-bounds read (read past end of an allocated object). This can allow a remote attacker who entices a user to view a m...

4.3CVSS3.8AI score0.02187EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.67 views

CVE-2021-31460

CVE-2021-31460 is a Foxit Reader 10.1.1.37576 remote code execution vulnerability. The flaw occurs in XFA template processing and stems from not validating the existence of an object before performing operations on it, enabling code execution in the attacker’s context after user interaction (e.g....

7.8CVSS8.4AI score0.02755EPSS
CVE
CVE
added 2017/07/07 4:0 p.m.66 views

CVE-2017-10994

Foxit CVE-2017-10994 affects Foxit Reader before 8.3.1 and Foxit PhantomPDF before 8.3.1. The vulnerability is described as an Arbitrary Write flaw that allows a remote attacker to execute arbitrary code via a crafted PDF document. Multiple connected advisories corroborate that the issue is a rem...

9.3CVSS7.6AI score0.04941EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.66 views

CVE-2018-1180

Foxit Reader 9.0.0.29935 is affected by CVE-2018-1180. The vulnerability resides in AFSimple_Calculate, due to not validating the existence of an object before performing operations, enabling remote code execution under the current process context. Exploitation requires user interaction (visiting...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2021/01/07 5:3 p.m.66 views

CVE-2018-20313

Foxit Reader before 9.5 and PhantomPDF before 8.3.10 and 9.x before 9.5 are affected by a race condition in proxyPreviewAction that can cause a stack-based buffer overflow or an out-of-bounds read. The vulnerability is due to improper synchronization in the proxy action handling, enabling memory ...

8.1CVSS8.1AI score0.00816EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.66 views

CVE-2018-3958

CVE-2018-3958 is a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (Foxit PDF Reader, version 9.1.0.5096). The defect occurs when accessing the Subject property of the this.info object. Exploitation requires user interaction: convincing a user to open a malicious PDF file, or...

8CVSS7.9AI score0.02895EPSS
CVE
CVE
added 2018/10/03 3:0 p.m.66 views

CVE-2018-3964

CVE-2018-3964 is a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (version 9.1.0.5096) that can be triggered by a specially crafted PDF. The vulnerability allows an attacker to cause arbitrary code execution by reusing freed memory when JavaScript objects are manipulated, wi...

8CVSS8.3AI score0.09482EPSS
CVE
CVE
added 2018/10/03 3:0 p.m.66 views

CVE-2018-3966

CVE-2018-3966 is a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (version 9.1.0.5096) that can be triggered by opening a specially crafted PDF or, if the browser plugin is enabled, by viewing the document in a web browser. The vulnerability allows arbitrary code execution d...

8CVSS8.3AI score0.06219EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.66 views

CVE-2019-6763

Foxit CVE-2019-6763 affects Foxit Reader 9.4.1.16828 via the Foxit.FoxitReader.Ctl ActiveX object’s ToggleFormsDesign method. The root cause is failure to validate the existence of an object before performing operations, enabling remote code execution when a user visits a malicious page or opens ...

7.8CVSS7.8AI score0.03352EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.66 views

CVE-2019-6769

CVE-2019-6769 affects Foxit Reader 9.4.1.16828 and earlier. The flaw is in the removeField method when processing AcroForms, caused by not validating the existence of an object before operating on it, enabling arbitrary code execution in the attacker’s context after user interaction (visit a mali...

7.8CVSS7.8AI score0.04311EPSS
CVE
CVE
added 2015/05/01 3:0 p.m.65 views

CVE-2015-3632

Foxit products Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF are vulnerable to multiple DoS flaws due to how they handle GIF data embedded in PDFs. Versions prior to 7.1.5 are affected; the underlying issue is memory corruption that can be triggered by a specially crafted GIF, leadi...

4.3CVSS6.9AI score0.06076EPSS
CVE
CVE
added 2018/04/23 11:0 p.m.65 views

CVE-2018-10303

Foxit Reader and Foxit PhantomPDF before 9.1 are affected by a use-after-free vulnerability in Foxit’s PDF software that can allow remote code execution. The CVE-2018-10303 description ties to iDefense ID V-y0nqfutlf3. The connected documents do not provide exploitation details or a confirmed pat...

8.8CVSS8.8AI score0.02583EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.65 views

CVE-2018-11618

CVE-2018-11618 affects Foxit Reader (notably versions around 9.0.0.29935 and earlier) and is caused by a failure to validate the existence of an object before performing operations in the resetForm method, leading to a remote code execution via user interaction. The vulnerability is documented as...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.65 views

CVE-2018-14275

Foxit Reader CVE-2018-14275: A type confusion in spawnPageFromTemplate in Foxit Reader (affecting versions including 9.0.1.1049) allows remote code execution when a user visits a malicious page or opens a malicious file; exploitation requires user interaction and can execute code in the current p...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.65 views

CVE-2018-14285

CVE-2018-14285 affects Foxit Reader 9.0.1.1049 (Windows) and is caused by improper validation in handling of the oneOfChild attribute, leading to a type confusion condition that allows remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.65 views

CVE-2018-17691

CVE-2018-17691 affects Foxit PhantomPDF (9.2.0.9297 and likely earlier); the issue arises in the HTML-to-PDF conversion when the software fails to validate an object’s existence before performing operations. This use-after-free style flaw enables remote code execution with the attacker hosting a ...

8.8CVSS8.8AI score0.03855EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.65 views

CVE-2018-3959

CVE-2018-3959 affects Foxit PDF Reader 9.1.0.5096. It is a use-after-free in the JavaScript engine triggered when accessing the this.info.Author property, exploitable by tricking a user into opening a malicious PDF or via a browser plugin. Cisco Talos describes it as enabling remote code executio...

8CVSS7.9AI score0.02361EPSS
CVE
CVE
added 2020/06/04 3:38 p.m.65 views

CVE-2019-20814

CVE-2019-20814 affects Foxit PhantomPDF before 8.3.12. The issue is a memory-allocation problem where data is created for each page at the application level, leading to memory consumption that can impact stability. The Red Hat/CNVD/CVE records corroborate the same root cause. No exploitation deta...

7.5CVSS7.5AI score0.0153EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.65 views

CVE-2019-6758

Foxit Reader 9.4.16811 is affected by CVE-2019-6758 due to a flaw in ConvertToPDF_x86.dll where the code does not validate the existence of an object before performing operations. This enables information disclosure with user interaction (visiting a malicious page or opening a malicious file) and...

5.5CVSS5.5AI score0.02652EPSS
CVE
CVE
added 2020/10/02 8:0 a.m.65 views

CVE-2020-26540

Foxit Reader and Foxit PhantomPDF for macOS are affected by a code injection/information disclosure vulnerability in versions prior to 4.1. The root cause is that the Hardened Runtime protection is not applied to code signing, which can allow an attacker to inject code or leak information due to ...

7.5CVSS7.6AI score0.00666EPSS
CVE
CVE
added 2015/03/30 2:0 p.m.64 views

CVE-2015-2790

CVE-2015-2790 affects Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF prior to 7.1. The issue is a denial-of-service caused by memory corruption triggered by a crafted GIF image, specifically via (1) Ubyte Size in a DataSubBlock or (2) LZWMinimumCodeSize. OpenVAS/Nessus entries confir...

4.3CVSS7AI score0.24516EPSS
CVE
CVE
added 2016/04/22 2:0 p.m.64 views

CVE-2016-4060

CVE-2016-4060 is a use-after-free vulnerability in Foxit Reader and Foxit PhantomPDF for Windows, tracked across multiple sources. The issue affects Foxit Reader and Foxit PhantomPDF versions prior to 7.3.4. The root cause is a memory mismanagement condition (use-after-free) exposed by parsing ce...

7.5CVSS7.2AI score0.01269EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.64 views

CVE-2018-11622

Summary (CVE-2018-11622) : A boundary/overflow flaw in Foxit Reader’s ConvertToPDF_x86.dll (CVSS up to 8.8) allows a remote attacker to execute arbitrary code after the user visits a malicious page or opens a crafted file. Affected: Foxit Reader on Windows (e.g., versions around 9.0.1.1049 and ea...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.64 views

CVE-2018-14256

CVE-2018-14256 affects Foxit Reader, where the flaw is in the getOCGs method leading to a type confusion and remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a crafted file). Affected: Foxit Reader 9.0.1.1049 (and related Foxit products); multipl...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.64 views

CVE-2018-14258

Foxit Reader (Windows) is affected by CVE-2018-14258 due to a type confusion in getPageNthWord, allowing remote code execution when a user opens a malicious page/file or otherwise interacts with crafted content. The flaw exists in Foxit Reader 9.0.1.1049 and, per advisories, affects versions olde...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.64 views

CVE-2018-14267

Foxit Reader (Windows) is affected by CVE-2018-14267, a type-confusion vulnerability in the importTextData method that can be triggered to execute code remotely. Exploitation requires user interaction (visiting a malicious page or opening a crafted file) and results in arbitrary code execution in...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2021/01/07 4:54 p.m.64 views

CVE-2018-20309

CVE-2018-20309 affects Foxit Reader prior to 9.5 and PhantomPDF prior to 8.3.10, plus 9.x builds prior to 9.5. The issue is a race condition in the proxyGetAppEdition path that can cause a stack-based buffer overflow or an out‑of‑bounds read. Impact is described in the CVE as memory corruption wi...

8.1CVSS8.1AI score0.00816EPSS
CVE
CVE
added 2021/01/07 4:56 p.m.64 views

CVE-2018-20310

The connected CNVD-2021-04398 describes a vulnerability affecting Foxit Reader and Foxit PhantomPDF where a race condition can lead to a stack buffer overflow or an out-of-bounds read. The CVE-2018-20310 entry itself identifies Foxit Reader before 9.5 and PhantomPDF before 8.3.10 and 9.x before 9...

8.1CVSS8.1AI score0.00863EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.64 views

CVE-2018-3945

Foxit PDF Reader (Windows) vulnerable to CVE-2018-3945 through a use-after-free in the JavaScript engine of Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF can trigger reuse of a previously freed object, enabling arbitrary code execution when a user opens the malicious file. Several ...

8.8CVSS8.3AI score0.03197EPSS
CVE
CVE
added 2020/06/04 5:0 p.m.64 views

CVE-2019-20823

Foxit PhantomPDF prior to 8.3.11 is affected by a buffer overflow due to a looping correction not occurring after JavaScript updates Field APs. The issue is described across multiple sources (NVD, Red Hat, CNVD, PRION, etc.) with the same root cause in Foxit PhantomPDF’s handling of Field AP upda...

7.5CVSS7.8AI score0.01522EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.64 views

CVE-2019-6768

CVE-2019-6768 affects Foxit Reader 9.4.1.16828 (Windows). The vulnerability resides in the removeField method when processing AcroForms, caused by not validating the existence of an object before performing operations, enabling remote code execution. User interaction is required (target must visi...

7.8CVSS7.8AI score0.03128EPSS
CVE
CVE
added 2020/04/22 8:50 p.m.64 views

CVE-2020-10896

CVE-2020-10896 affects Foxit PhantomPDF (including the 3D U3DBrowser plugin) and specifically targets the processing of U3D objects in PDF files. The issue is a heap-based buffer overflow caused by insufficient validation of the length of user-supplied data, allowing arbitrary code execution in t...

7.8CVSS7.8AI score0.04689EPSS
CVE
CVE
added 2020/04/22 8:50 p.m.64 views

CVE-2020-10899

CVE-2020-10899 affects Foxit Reader/PhantomPDF up to version 9.7.1.29511. The flaw resides in XFA template processing where the code fails to validate an object’s existence before operations, enabling remote code execution when a user opens a malicious file/page. Exploitation requires user intera...

7.8CVSS7.8AI score0.04689EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.64 views

CVE-2021-31459

Foxit Reader 10.1.1.37576 is affected by a vulnerability in XFA Forms where code paths operate on an object without validating its existence, enabling remote code execution. Exploitation requires user interaction (viewing a malicious page or opening a malicious file). The root cause is a lack of ...

7.8CVSS8.4AI score0.02778EPSS
CVE
CVE
added 2017/05/03 5:13 a.m.63 views

CVE-2017-8453

CVE-2017-8453 affects Foxit Reader before 8.2.1 and Foxit PhantomPDF before 8.2.1. The vulnerability is an out-of-bounds read triggered by a crafted font in a PDF, allowing remote attackers to obtain sensitive information or possibly execute arbitrary code. The CVE is documented with a high-sever...

8.8CVSS8.8AI score0.03939EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.63 views

CVE-2018-10480

Foxit Reader 9.0.0.29935 is affected by CVE-2018-10480 due to improper validation in the handling of the U3D Node Name buffer, causing a read past the end of an allocated buffer. The vulnerability can disclose sensitive information and, in conjunction with other vulnerabilities, may allow code ex...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.63 views

CVE-2018-10490

CVE-2018-10490 affects Foxit Reader 9.0.0.29935 and relates to the parsing of JPEG images embedded inside U3D files. The vulnerability is caused by a lack of proper validation of user-supplied data, leading to an out-of-bounds memory access and enabling remote code execution in the context of the...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.63 views

CVE-2018-14247

Foxit Reader CVE-2018-14247 is a type-confusion remote code execution vulnerability in the exportAsFDF method. Exploitation requires user interaction (visiting a malicious page or opening a malicious file via JavaScript) and can execute code under the current process. Connected advisories (e.g., ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.63 views

CVE-2018-14291

Foxit Reader CVE-2018-14291 is a PDF parsing vulnerability (use-after-free) that allows remote code execution when an attacker manipulates PDF elements; user interaction (open a malicious file/page) is required. The weakness is in the parsing of PDF documents, specifically a pointer reuse after f...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.63 views

CVE-2018-14300

CVE-2018-14300 describes a remote code execution vulnerability in Foxit Reader caused by a use-after-free in the handling of Polygon annotations. The flaw reuses a freed pointer during document element processing, enabling an attacker to run arbitrary code in the victim process when a user opens ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.63 views

CVE-2018-14302

CVE-2018-14302 affects Foxit Reader (Windows) via a remote code execution vulnerability in Square annotations. The flaw is an use-after-free in processing of annotations that can be triggered when a user visits a malicious page or opens a malicious file, enabling arbitrary code execution in the c...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.63 views

CVE-2018-14308

CVE-2018-14308 affects Foxit Reader (and Foxit PhantomPDF) with versions before 9.2.0.9097. The root cause is a use-after-free in valueAsString handling where the code does not verify an object exists before operating on it, allowing remote code execution when a user visits a malicious page or op...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.63 views

CVE-2018-17658

CVE-2018-17658 affects Foxit Reader 9.2.0.9297 and earlier, where the vulnerability stems from improper handling of the host object’s respose property and a lack of validating object existence before operations. This allows remote code execution in the context of the current process and requires ...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.63 views

CVE-2018-17662

CVE-2018-17662 affects Foxit Reader 9.2.0.9297 on Windows. The flaw is a perform-operation-on-an-object-after-not-validating-its-existence in the Host.beep method, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The i...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2020/06/04 4:30 p.m.63 views

CVE-2018-21240

CVE-2018-21240 affects Foxit Reader and PhantomPDF prior to version 9.2. The issue is a memory consumption flaw triggered by an ArrayBuffer(0xfffffffe) call in these products. Root cause is a memory handling vulnerability leading to resource exhaustion. Impact is partial availability degradation ...

7.5CVSS7.5AI score0.01044EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.63 views

CVE-2018-3992

CVE-2018-3992 is a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (version 9.2.0.9297). A specially crafted PDF can reuse a freed memory object, leading to arbitrary code execution. Exploitation requires user action to open the malicious file; if the browser plugin extension...

8.8CVSS8.3AI score0.02848EPSS
Total number of security vulnerabilities549