Phantompdf Security Vulnerabilities and Issues — Page 5 of Phantompdf CVE List

Lucene search

FoxitsoftwarePhantompdf

549 matches found

CVE•added 2021/08/11 10:15 p.m.•47 views

CVE-2021-38569

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects.

7.5CVSS7.5AI score0.00018EPSS

CVE•added 2021/08/11 10:15 p.m.•47 views

CVE-2021-38572

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because the extractPages pathname is not validated.

9.8CVSS9.3AI score0.00023EPSS

CVE•added 2018/05/17 3:29 p.m.•46 views

CVE-2018-1180

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFSim...

8.8CVSS8.8AI score0.00387EPSS

CVE•added 2018/07/31 8:29 p.m.•46 views

CVE-2018-14247

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the export...

8.8CVSS8.8AI score0.00264EPSS

CVE•added 2018/07/31 8:29 p.m.•46 views

CVE-2018-14254

8.8CVSS8.8AI score0.00264EPSS

CVE•added 2018/07/31 8:29 p.m.•46 views

CVE-2018-14275

8.8CVSS8.8AI score0.00264EPSS

CVE•added 2018/07/31 8:29 p.m.•46 views

CVE-2018-14295

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists wit...

8.8CVSS7.9AI score0.23206EPSS

CVE•added 2018/07/31 8:29 p.m.•46 views

CVE-2018-14300

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the proces...

8.8CVSS8.8AI score0.00387EPSS

CVE•added 2018/07/31 8:29 p.m.•46 views

CVE-2018-14304

8.8CVSS8.8AI score0.00387EPSS

CVE•added 2018/07/31 8:29 p.m.•46 views

CVE-2018-14309

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

8.8CVSS8.8AI score0.00387EPSS

CVE•added 2019/01/24 4:29 a.m.•46 views

CVE-2018-17629

8.8CVSS7.8AI score0.00856EPSS

CVE•added 2019/01/24 4:29 a.m.•46 views

CVE-2018-17658

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

8.8CVSS7.8AI score0.00856EPSS

CVE•added 2021/01/07 5:15 p.m.•46 views

CVE-2018-20310

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.

8.1CVSS8.1AI score0.00026EPSS

CVE•added 2021/01/07 6:15 p.m.•46 views

CVE-2018-20316

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode.

8.1CVSS8.1AI score0.00026EPSS

CVE•added 2020/06/04 5:15 p.m.•46 views

CVE-2018-21237

An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action.

5.3CVSS5.3AI score0.0001EPSS

CVE•added 2020/06/04 4:15 p.m.•46 views

CVE-2019-20814

An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows memory consumption because data is created for each page of an application level.

7.5CVSS7.5AI score0.00021EPSS

CVE•added 2019/01/03 11:29 p.m.•46 views

CVE-2019-5007

An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing.

7.1CVSS6.6AI score0.00141EPSS

CVE•added 2019/03/21 4:1 p.m.•46 views

CVE-2019-6729

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF...

8.8CVSS8.8AI score0.00745EPSS

CVE•added 2019/06/03 7:29 p.m.•46 views

CVE-2019-6752

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

5.5CVSS5.4AI score0.00128EPSS

CVE•added 2020/10/02 8:15 a.m.•46 views

CVE-2020-26538

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory.

7.8CVSS7.8AI score0.00012EPSS

CVE•added 2021/05/07 9:15 p.m.•46 views

CVE-2021-31441

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

7.8CVSS8.4AI score0.02166EPSS

CVE•added 2021/05/07 9:15 p.m.•46 views

CVE-2021-31454

7.8CVSS8.5AI score0.02166EPSS

CVE•added 2021/08/11 8:15 p.m.•46 views

CVE-2021-33793

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion.

9.8CVSS9.5AI score0.00027EPSS

CVE•added 2021/08/11 10:15 p.m.•46 views

CVE-2021-38571

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows DLL hijacking, aka CNVD-C-2021-68000 and CNVD-C-2021-68502.

7.8CVSS7.5AI score0.00032EPSS

CVE•added 2016/04/22 3:59 p.m.•45 views

CVE-2016-4059

Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document.

7.8CVSS7.8AI score0.01302EPSS

CVE•added 2016/04/22 3:59 p.m.•45 views

CVE-2016-4062

Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, which allows remote attackers to cause a denial of service (application hang) via a crafted PDF.

5.5CVSS6AI score0.00038EPSS

CVE•added 2016/10/31 10:59 a.m.•45 views

CVE-2016-8877

Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted JPEG2000 image embedded in a PDF document, aka a "corrupted suffix pattern" issue.

8.8CVSS9AI score0.00534EPSS

CVE•added 2018/05/17 3:29 p.m.•45 views

CVE-2018-10473

8.8CVSS8.8AI score0.00474EPSS

CVE•added 2018/05/17 3:29 p.m.•45 views

CVE-2018-10474

8.8CVSS8.8AI score0.00474EPSS

CVE•added 2018/05/17 3:29 p.m.•45 views

CVE-2018-10481

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

6.5CVSS6.5AI score0.00412EPSS

CVE•added 2018/07/31 8:29 p.m.•45 views

CVE-2018-11622

8.8CVSS8.8AI score0.00552EPSS

CVE•added 2018/07/31 8:29 p.m.•45 views

CVE-2018-14267

8.8CVSS8.8AI score0.00264EPSS

CVE•added 2018/07/31 8:29 p.m.•45 views

CVE-2018-14268

8.8CVSS8.8AI score0.00264EPSS

CVE•added 2018/07/31 8:29 p.m.•45 views

CVE-2018-14287

8.8CVSS8.8AI score0.00264EPSS

CVE•added 2018/07/31 8:29 p.m.•45 views

CVE-2018-14293

8.8CVSS8.8AI score0.00345EPSS

CVE•added 2018/07/31 8:29 p.m.•45 views

CVE-2018-14302

8.8CVSS8.8AI score0.00387EPSS

CVE•added 2018/07/31 8:29 p.m.•45 views

CVE-2018-14311

8.8CVSS8.8AI score0.00264EPSS

CVE•added 2019/01/24 4:29 a.m.•45 views

CVE-2018-17703

8.8CVSS7.8AI score0.00566EPSS

CVE•added 2021/01/07 5:15 p.m.•45 views

CVE-2018-20312

8.1CVSS8.1AI score0.00026EPSS

CVE•added 2021/01/07 6:15 p.m.•45 views

CVE-2018-20314

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence race condition that can cause a stack-based buffer overflow or an out-of-bounds read.

8.1CVSS8.1AI score0.00026EPSS

CVE•added 2020/06/04 5:15 p.m.•45 views

CVE-2018-21240

An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call.

7.5CVSS7.5AI score0.00018EPSS

CVE•added 2020/06/04 5:15 p.m.•45 views

CVE-2018-21244

An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029.

9.8CVSS9.3AI score0.0005EPSS

CVE•added 2018/10/08 4:29 p.m.•45 views

CVE-2018-3992

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the ...

8.8CVSS8.3AI score0.00229EPSS

CVE•added 2018/10/03 3:29 p.m.•45 views

CVE-2018-3994

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the u...

8.8CVSS8.3AI score0.00268EPSS

CVE•added 2018/05/24 9:29 p.m.•45 views

CVE-2018-5678

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...

8.8CVSS8.8AI score0.01864EPSS

CVE•added 2018/05/17 3:29 p.m.•45 views

CVE-2018-9941

8.8CVSS8.8AI score0.00264EPSS

CVE•added 2018/05/17 3:29 p.m.•45 views

CVE-2018-9942

8.8CVSS8.8AI score0.00264EPSS

CVE•added 2020/06/04 4:15 p.m.•45 views

CVE-2019-20816

An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference during the parsing of file data.

7.5CVSS7.5AI score0.00026EPSS

CVE•added 2020/06/04 5:15 p.m.•45 views

CVE-2019-20828

An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.

7.5CVSS7.7AI score0.00022EPSS

CVE•added 2020/06/04 5:15 p.m.•45 views

CVE-2019-20834

An issue was discovered in Foxit PhantomPDF before 8.3.10. It allows signature validation bypass via a modified file or a file with non-standard signatures.

7.5CVSS7.5AI score0.00007EPSS

Total number of security vulnerabilities549