Lucene search
K
FoxitsoftwarePhantompdf

549 matches found

CVE
CVE
added 2019/01/24 4:0 a.m.62 views

CVE-2018-17662

CVE-2018-17662 affects Foxit Reader 9.2.0.9297 on Windows. The flaw is a perform-operation-on-an-object-after-not-validating-its-existence in the Host.beep method, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The i...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.62 views

CVE-2018-3992

CVE-2018-3992 is a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (version 9.2.0.9297). A specially crafted PDF can reuse a freed memory object, leading to arbitrary code execution. Exploitation requires user action to open the malicious file; if the browser plugin extension...

8.8CVSS8.3AI score0.02848EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.62 views

CVE-2018-3997

The CVE-2018-3997 entry concerns Foxit PDF Reader. A use-after-free in the JavaScript engine of Foxit PDF Reader, version 9.2.0.9297, can be triggered by a specially crafted PDF, causing reuse of a previously freed object and arbitrary code execution. An attacker must entice the user to open the ...

8.8CVSS8.3AI score0.03039EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.62 views

CVE-2018-9947

Foxit Reader 9.0.0.29935 is affected by CVE-2018-9947, a heap-based buffer overflow in BMP image parsing. The flaw arises from improper validation of the length of user-supplied data before copying to a fixed-length heap buffer, allowing remote code execution. Exploitation requires user interacti...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2020/06/04 4:50 p.m.62 views

CVE-2019-20832

Foxit PhantomPDF is affected by CVE-2019-20832 due to homograph mishandling in versions before 8.3.10 (improper handling of homonyms). The issue is documented across multiple sources (including CNVD, Red Hat, NVD) with the same description; exploitation details and a confirmed patch/fix are not p...

4.3CVSS4.7AI score0.00969EPSS
CVE
CVE
added 2019/03/19 7:56 p.m.62 views

CVE-2019-6733

CVE-2019-6733 affects Foxit PhantomPDF (PDF handling). The issue is an out-of-bounds read from improper validation of user-supplied data in PDF processing, which can disclose sensitive information. It is exploitable via remote interaction when a user opens a malicious page/file, and an attacker m...

6.5CVSS6.2AI score0.0429EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.62 views

CVE-2019-6770

Foxit Reader 9.4.1.16828 is affected by a vulnerability in the resetForm method for AcroForms that discloses information due to not validating an object’s existence before operations. Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and, per the docum...

5.5CVSS5.5AI score0.02652EPSS
CVE
CVE
added 2020/10/13 5:10 p.m.62 views

CVE-2020-17414

CVE-2020-17414 affects Foxit Reader (and related updates) with a local privilege-escalation in the Update Service due to incorrect permissions on a resource used by the service, enabling code execution in the SYSTEM context. Impact is local, requiring low-privilege code execution before exploitat...

7.8CVSS7.6AI score0.01909EPSS
CVE
CVE
added 2020/10/13 5:10 p.m.62 views

CVE-2020-17417

CVE-2020-17417 affects Foxit Reader (10.0.1.35811 and earlier) and related Foxit products. The root cause is a failure to verify the existence of an Annotation object before performing operations on it, leading to use-after-free/invalid object handling in Annotation processing. This can enable re...

7.8CVSS7.8AI score0.09084EPSS
CVE
CVE
added 2020/10/02 8:1 a.m.62 views

CVE-2020-26537

CVE-2020-26537 affects Foxit Reader and PhantomPDF prior to version 10.1. The issue occurs in a shading calculation where the number of outputs does not match the color components in a color space, causing an out-of-bounds write. The connected sources confirm the affected product and the underlyi...

9.8CVSS9.2AI score0.01149EPSS
CVE
CVE
added 2020/12/15 12:53 p.m.62 views

CVE-2020-28203

CVE-2020-28203 affects Foxit Reader and PhantomPDF up to 10.1.0.37527, where opening a crafted PDF can trigger a null pointer dereference, causing the application to crash (denial of service). This is supported by multiple sources in the connected documents, including the NVD entry and vendor dis...

5.5CVSS6AI score0.01868EPSS
CVE
CVE
added 2016/04/22 2:0 p.m.61 views

CVE-2016-4064

Foxit Reader and Foxit PhantomPDF (Windows) ≤ 7.3.3 are affected by CVE-2016-4064 due to a use-after-free in the XFA forms handling when a crafted remerge call is processed. This leads to remote code execution with high impact (as described in connected sources). Remediation per the documents: up...

7.8CVSS7.8AI score0.04182EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.61 views

CVE-2018-10495

Foxit Reader 9.0.0.29935 is affected by a vulnerability in PDF parsing that causes a type confusion when validating user-supplied data. The flaw allows remote code execution in the context of the current process and requires the target to visit a malicious page or open a malicious file (user inte...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.61 views

CVE-2018-14254

CVE-2018-14254 affects Foxit Reader (notably 9.0.1.1049) where a type confusion in the getLinks method can be triggered by JavaScript on a malicious page or file, allowing remote code execution under the process context. Multiple connected sources corroborate a getLinks-based type confusion with ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.61 views

CVE-2018-14295

Summary: CVE-2018-14295 affects Foxit PhantomPDF (and Foxit Reader) with a PDF-parsing flaw. A vulnerability in how shading patterns are processed can cause an integer overflow before buffer allocation, enabling remote code execution when a user opens a malicious file/page or visits a crafted pag...

8.8CVSS7.9AI score0.08895EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.61 views

CVE-2018-14311

CVE-2018-14311 affects Foxit Reader (and Foxit PhantomPDF) via a type confusion in XFA event handling. The flaw arises from improper validation of user-supplied data, enabling remote code execution when a user opens a malicious file or visits a crafted page. Exploitation requires user interaction...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.61 views

CVE-2018-17629

Foxit Reader 9.1.0.5096 is affected by a template-objects handling vulnerability that allows remote code execution. The root cause is failure to validate the existence of an object before performing operations on it, enabling an attacker to run code in the current process. Exploitation requires u...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.61 views

CVE-2018-17701

CVE-2018-17701 affects Foxit PhantomPDF (9.2.0.9297 and earlier per CNVD) on Windows. The flaw is an out-of-bounds/read past end in the JSON handling due to insufficient input validation, enabling arbitrary code execution in the context of the target process. Exploitation requires user interactio...

8.8CVSS8.8AI score0.03855EPSS
CVE
CVE
added 2021/01/07 5:7 p.m.61 views

CVE-2018-20316

CVE-2018-20316 concerns Foxit Reader prior to 9.5 and PhantomPDF prior to 8.3.10 and 9.x prior to 9.5, where a proxyDoAction race condition can lead to a stack-based buffer overflow or an out-of-bounds read. This race condition is the underlying issue differentiating it from CVE-2018-20310 (diffe...

8.1CVSS8.1AI score0.00816EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.61 views

CVE-2018-9941

Foxit Reader 9.0.0.29935 is affected by a vulnerability in the XFA record append handling that can lead to remote code execution via type confusion. The flaw arises from improper validation of user-supplied data, and exploitation requires user interaction (visiting a malicious page or opening a m...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.61 views

CVE-2018-9981

CVE-2018-9981 affects Foxit Reader 9.0.0.29935. The flaw is in U3D file parsing due to an uninitialized pointer, allowing remote code execution in the current process after user interaction (malicious page or file). Exploitation details are described across multiple sources linked to Foxit/ZDI; n...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2020/06/04 3:37 p.m.61 views

CVE-2019-20813

Foxit PhantomPDF prior to 8.3.12 is affected by CVE-2019-20813, a NULL pointer dereference issue. Affects Foxit PhantomPDF (versions before 8.3.12). The issue is described as a null pointer dereference; CVSS metrics in the source indicate a Network attack vector with no authentication, low attack...

7.5CVSS7.5AI score0.01544EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.61 views

CVE-2019-6765

CVE-2019-6765 : Foxit PhantomPDF 9.4.1.16828 is affected by an out-of-bounds read in the HTML-to-PDF conversion process. The flaw, caused by improper validation of user-supplied data, permits remote code execution via a crafted HTML/file when the user visits a malicious page or opens a malicious ...

7.8CVSS7.7AI score0.03484EPSS
CVE
CVE
added 2020/10/13 5:10 p.m.61 views

CVE-2020-17415

CVE-2020-17415 affects Foxit PhantomPDF (notably the Update Service) where incorrect permissions on a configuration/resource used by the update service allow a local, low-privilege attacker to escalate to SYSTEM and execute code. Affected versions include PhantomPDF 10.0.0.35798 (and related 10.0...

7.8CVSS7.6AI score0.02059EPSS
CVE
CVE
added 2016/04/22 2:0 p.m.60 views

CVE-2016-4061

Summary of CVE-2016-4061 : Foxit Reader and PhantomPDF (Windows) prior to version 7.3.4 are affected by a vulnerability that allows remote attackers to cause a denial of service (application crash) via a crafted content stream. The issue is described across multiple feeds as a memory/parse fault ...

7.5CVSS7.1AI score0.01269EPSS
CVE
CVE
added 2018/02/07 5:0 p.m.60 views

CVE-2016-6169

CVE-2016-6169 describes a heap-based buffer overflow in Foxit Reader and PhantomPDF versions 7.3.4.311 and earlier on Windows. The vulnerability allows memory corruption and application crashes, potentially enabling arbitrary code execution via Bezier data in a crafted PDF. Affected components ar...

7.8CVSS8.1AI score0.05318EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.60 views

CVE-2018-11617

CVE-2018-11617 affects Foxit Reader (9.0.0.29935 and earlier) via a use-after-free in the handling of Format events for ComboBox fields. The root cause is failure to validate the existence of an object before performing operations on it, allowing remote attackers to execute arbitrary code with th...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.60 views

CVE-2018-1173

CVE-2018-1173 affects Foxit Reader 9.0.0.29935. The root cause is a flaw in handling the XFA borderColor attribute where the code fails to validate the existence of an object before operating on it, enabling remote code execution. Multiple connected sources reference that an attacker can lure a u...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.60 views

CVE-2018-1177

Foxit Reader 9.0.0.29935 is affected by CVE-2018-1177. The flaw lies in the handling of addAnnot, where the code fails to validate the existence of an object before performing operations, enabling remote code execution under the current process context. User interaction is required to trigger the...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.60 views

CVE-2018-14255

Foxit Reader 9.0.1.1049 is affected by a type confusion in getNthFieldName that enables remote code execution when a user opens a malicious page/file or interacts with JavaScript. The flaw allows code execution in the context of the current process and is associated with ZDI-6018. Mitigation per ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.60 views

CVE-2018-14262

CVE-2018-14262 affects Foxit Reader (example affected build: 9.0.1.1049). The root cause is a type confusion in the getURL method that can be triggered through JavaScript actions, allowing remote code execution with the attacker’s code running in the current process context. User interaction is r...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.60 views

CVE-2018-14265

CVE-2018-14265 affects Foxit Reader (around version 9.0.1.1049 and earlier) where a flaw in the importAnXFDX method can trigger a type confusion via JavaScript, allowing remote attackers to execute arbitrary code in the current process. Exploitation requires user interaction (visiting a malicious...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.60 views

CVE-2018-14278

CVE-2018-14278 affects Foxit Reader. The flaw is a type confusion in getPageNumWords that can allow remote code execution via crafted JavaScript when a user opens a malicious page/file. Exploitation requires user interaction. Reports/connected advisories indicate multiple related fixes; remediati...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.60 views

CVE-2018-14280

Foxit Reader vulnerability CVE-2018-14280 enables remote code execution via the exportAsFDF XFA function. The flaw arises from insufficient validation of user-supplied data, allowing arbitrary file writes to attacker-controlled locations when a user opens a malicious file or visits a malicious pa...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.60 views

CVE-2018-14286

Foxit Reader: CVE-2018-14286 is a type-confusion remote-code-execution vulnerability in the mailDoc argument handling. It affects Foxit Reader 9.0.1.1049 and earlier; exploitation requires user interaction (visiting a malicious page or opening a malicious file). Root cause: improper validation of...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.60 views

CVE-2018-14288

CVE-2018-14288 affects Foxit Reader (Windows) with vulnerabilities in the handling of arguments to the setFocus function, leading to a type-confusion condition that enables remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). Affec...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.60 views

CVE-2018-14309

Foxit Reader CVE-2018-14309 is a use-after-free in handling of the SeedValue Generic Object passed to signatureSetSeedValue, enabling remote code execution with user interaction. Affected products include Foxit Reader versions older than 9.2.0.9097 (and Foxit PhantomPDF pre-9.2.0.9097). The root ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.60 views

CVE-2018-16293

CVE-2018-16293 is a use-after-free vulnerability in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3. A specially crafted PDF can trigger a previously freed object to be reused, leading to arbitrary code execution. An attacker must entice a user to open the malicious PDF...

7.8CVSS7.8AI score0.02663EPSS
CVE
CVE
added 2018/10/29 10:0 p.m.60 views

CVE-2018-17623

CVE-2018-17623 affects Foxit Reader 9.0.1.5096 and variants where the flaw is in the handling of Link objects. The root cause is the lack of validating an object’s existence before performing operations, enabling remote code execution in the context of the current process when a user visits a mal...

8.8CVSS8.8AI score0.03279EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.60 views

CVE-2018-17642

Foxit Reader (v9.2.0.9297 and earlier) is affected by a TimeField colSpan handling flaw that can allow remote code execution. The issue stems from not validating the existence of an object before performing operations, enabling an attacker to run code in the context of the current process. Exploi...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2021/01/07 5:1 p.m.60 views

CVE-2018-20312

Affected software: Foxit Reader before 9.5; PhantomPDF before 8.3.10 and 9.x before 9.5. Root cause: a proxyDoAction race condition. Consequence: could cause a stack-based buffer overflow OR an out-of-bounds read. No remediation or exploitation status provided in the supplied documents.

8.1CVSS8.1AI score0.00816EPSS
CVE
CVE
added 2021/01/07 5:4 p.m.60 views

CVE-2018-20314

CVE-2018-20314 affects Foxit Reader before 9.5 and PhantomPDF before 8.3.10 (and 9.x before 9.5). The underlying issue is a proxyCheckLicence race condition that can lead to a stack-based buffer overflow or an out-of-bounds read. Impacted products include Foxit Reader/PhantomPDF, with potential f...

8.1CVSS8.1AI score0.0084EPSS
CVE
CVE
added 2020/06/04 4:33 p.m.60 views

CVE-2018-21237

CVE-2018-21237 affects Foxit PhantomPDF prior to 8.3.7. The vulnerability enables NTLM credential theft via GoToE or GoToR actions in the affected PDF reader. The available connected records corroborate the issue and its attribution to Foxit PhantomPDF versions before 8.3.7, with multiple sources...

5.3CVSS5.3AI score0.00817EPSS
CVE
CVE
added 2020/06/04 4:31 p.m.60 views

CVE-2018-21239

CVE-2018-21239 affects Foxit Reader and PhantomPDF before 9.2. The issue enables NTLM credential theft via a GoToE or GoToR action in PDFs. Root cause is information leakage via GoTo actions, leading to partial confidentiality impact per CVSS (2.0: 5.0, 3.1: 5.3). Affected products are Foxit Read...

5.3CVSS5.2AI score0.00817EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.60 views

CVE-2018-9963

Foxit Reader 9.0.1.1049 is affected by a JPEG2000 parsing flaw that allows an out-of-bounds read, enabling information disclosure and potentially code execution in the context of the current process. The vulnerability arises from inadequate validation of user-supplied data, resulting in a read pa...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2020/06/04 4:43 p.m.60 views

CVE-2019-20837

CVE-2019-20837 affects Foxit Reader and PhantomPDF, prior to version 9.5. The issue allows signature validation bypass when a file is modified or uses non-standard signatures, enabling bypass of digital signature checks. The provided documents do not specify an exploit method or in-the-wild activ...

7.5CVSS7.5AI score0.01004EPSS
CVE
CVE
added 2020/10/02 8:1 a.m.60 views

CVE-2020-26538

CVE-2020-26538 affects Foxit Reader and PhantomPDF prior to 10.1. The issue allows arbitrary code execution via a Trojan horse taskkill.exe placed in the current working directory, indicating a local-execution path likely dependent on the processing of external/ tampered files. The vulnerability ...

7.8CVSS7.8AI score0.00502EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.60 views

CVE-2021-31453

Foxit Reader 10.1.1.37576 is affected by CVE-2021-31453 due to improper validation of an object in XFA Forms handling, enabling remote code execution. The flaw allows an attacker to run arbitrary code in the context of the current process after user interaction (e.g., opening a malicious file or ...

7.8CVSS8.4AI score0.02784EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.60 views

CVE-2021-31454

Foxit Reader 10.1.1.37576 is affected by a heap-based buffer overflow in parsing Decimal elements (leadDigits). A crafted leadDigits value can overflow a fixed-length heap buffer, enabling remote code execution in the context of the current process with user interaction (visiting a malicious page...

7.8CVSS8.5AI score0.02511EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.60 views

CVE-2021-31457

Foxit Reader 10.1.1.37576 is affected by a code execution vulnerability in the handling of Annotation objects. The issue stems from failing to validate the existence of an object before performing operations, allowing an attacker to run arbitrary code in the current process when a user visits a m...

7.8CVSS8.4AI score0.02778EPSS
Total number of security vulnerabilities549