Phantompdf Security Vulnerabilities and Issues — Page 5 of Phantompdf CVE List

Lucene search

FoxitsoftwarePhantompdf

549 matches found

CVE•added 2020/06/04 5:15 p.m.•48 views

CVE-2018-21241

An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an untrusted search path that allows a DLL to execute remote code.

7.8CVSS7.7AI score0.0002EPSS

CVE•added 2018/10/08 4:29 p.m.•48 views

CVE-2018-3997

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the ...

8.8CVSS8.3AI score0.00271EPSS

CVE•added 2020/06/04 4:15 p.m.•48 views

CVE-2019-20814

An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows memory consumption because data is created for each page of an application level.

7.5CVSS7.5AI score0.00021EPSS

CVE•added 2020/06/04 5:15 p.m.•48 views

CVE-2019-20832

An issue was discovered in Foxit PhantomPDF before 8.3.10. It has homograph mishandling.

4.3CVSS4.7AI score0.00031EPSS

CVE•added 2020/09/04 4:15 a.m.•48 views

CVE-2020-11493

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.

8.1CVSS7.6AI score0.00075EPSS

CVE•added 2021/05/07 9:15 p.m.•48 views

CVE-2021-31454

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

7.8CVSS8.5AI score0.03065EPSS

CVE•added 2021/08/11 10:15 p.m.•48 views

CVE-2021-38571

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows DLL hijacking, aka CNVD-C-2021-68000 and CNVD-C-2021-68502.

7.8CVSS7.5AI score0.00032EPSS

CVE•added 2021/08/11 10:15 p.m.•48 views

CVE-2021-38572

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because the extractPages pathname is not validated.

9.8CVSS9.3AI score0.00023EPSS

CVE•added 2016/04/22 3:59 p.m.•47 views

CVE-2016-4059

Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document.

7.8CVSS7.8AI score0.01302EPSS

CVE•added 2018/05/17 3:29 p.m.•47 views

CVE-2018-1180

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFSim...

8.8CVSS8.8AI score0.00387EPSS

CVE•added 2018/07/31 8:29 p.m.•47 views

CVE-2018-14247

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the export...

8.8CVSS8.8AI score0.00264EPSS

CVE•added 2018/07/31 8:29 p.m.•47 views

CVE-2018-14254

8.8CVSS8.8AI score0.00264EPSS

CVE•added 2018/07/31 8:29 p.m.•47 views

CVE-2018-14267

8.8CVSS8.8AI score0.00264EPSS

CVE•added 2018/07/31 8:29 p.m.•47 views

CVE-2018-14295

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists wit...

8.8CVSS7.9AI score0.23206EPSS

CVE•added 2018/07/31 8:29 p.m.•47 views

CVE-2018-14300

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the proces...

8.8CVSS8.8AI score0.00387EPSS

CVE•added 2018/07/31 8:29 p.m.•47 views

CVE-2018-14304

8.8CVSS8.8AI score0.00387EPSS

CVE•added 2018/07/31 8:29 p.m.•47 views

CVE-2018-14309

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

8.8CVSS8.8AI score0.00387EPSS

CVE•added 2019/01/24 4:29 a.m.•47 views

CVE-2018-17629

8.8CVSS7.8AI score0.00856EPSS

CVE•added 2019/01/24 4:29 a.m.•47 views

CVE-2018-17658

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

8.8CVSS7.8AI score0.00856EPSS

CVE•added 2021/01/07 5:15 p.m.•47 views

CVE-2018-20310

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.

8.1CVSS8.1AI score0.00026EPSS

Web

CVE•added 2021/01/07 5:15 p.m.•47 views

CVE-2018-20312

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode.

8.1CVSS8.1AI score0.00026EPSS

CVE•added 2021/01/07 6:15 p.m.•47 views

CVE-2018-20316

8.1CVSS8.1AI score0.00026EPSS

CVE•added 2020/06/04 5:15 p.m.•47 views

CVE-2018-21240

An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call.

7.5CVSS7.5AI score0.00018EPSS

CVE•added 2018/10/08 4:29 p.m.•47 views

CVE-2018-3992

8.8CVSS8.3AI score0.00229EPSS

CVE•added 2019/01/03 11:29 p.m.•47 views

CVE-2019-5007

An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing.

7.1CVSS6.6AI score0.00141EPSS

CVE•added 2019/03/21 4:1 p.m.•47 views

CVE-2019-6729

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF...

8.8CVSS8.8AI score0.00745EPSS

CVE•added 2019/06/03 7:29 p.m.•47 views

CVE-2019-6752

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

5.5CVSS5.4AI score0.00128EPSS

CVE•added 2020/10/02 8:15 a.m.•47 views

CVE-2020-26535

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation (and read access violation).

9.8CVSS8.7AI score0.00023EPSS

CVE•added 2020/10/02 8:15 a.m.•47 views

CVE-2020-26538

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory.

7.8CVSS7.8AI score0.00012EPSS

CVE•added 2021/05/07 9:15 p.m.•47 views

CVE-2021-31441

7.8CVSS8.4AI score0.03065EPSS

CVE•added 2021/08/11 8:15 p.m.•47 views

CVE-2021-33793

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion.

9.8CVSS9.5AI score0.00027EPSS

CVE•added 2016/04/22 3:59 p.m.•46 views

CVE-2016-4062

Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, which allows remote attackers to cause a denial of service (application hang) via a crafted PDF.

5.5CVSS6AI score0.00038EPSS

CVE•added 2016/04/22 3:59 p.m.•46 views

CVE-2016-4063

Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document.

7.8CVSS7.8AI score0.01544EPSS

CVE•added 2016/10/31 10:59 a.m.•46 views

CVE-2016-8877

Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted JPEG2000 image embedded in a PDF document, aka a "corrupted suffix pattern" issue.

8.8CVSS9AI score0.00534EPSS

CVE•added 2017/05/03 5:59 a.m.•46 views

CVE-2017-8454

Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.

8.8CVSS8.8AI score0.01208EPSS

CVE•added 2018/05/17 3:29 p.m.•46 views

CVE-2018-10473

8.8CVSS8.8AI score0.00474EPSS

CVE•added 2018/05/17 3:29 p.m.•46 views

CVE-2018-10474

8.8CVSS8.8AI score0.00474EPSS

CVE•added 2018/05/17 3:29 p.m.•46 views

CVE-2018-10481

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

6.5CVSS6.5AI score0.00412EPSS

CVE•added 2018/07/31 8:29 p.m.•46 views

CVE-2018-11622

8.8CVSS8.8AI score0.00552EPSS

CVE•added 2018/07/31 8:29 p.m.•46 views

CVE-2018-14268

8.8CVSS8.8AI score0.00264EPSS

CVE•added 2018/07/31 8:29 p.m.•46 views

CVE-2018-14280

8.8CVSS8.8AI score0.01087EPSS

CVE•added 2018/07/31 8:29 p.m.•46 views

CVE-2018-14287

8.8CVSS8.8AI score0.00264EPSS

CVE•added 2018/07/31 8:29 p.m.•46 views

CVE-2018-14290

8.8CVSS8.8AI score0.00482EPSS

CVE•added 2018/07/31 8:29 p.m.•46 views

CVE-2018-14293

8.8CVSS8.8AI score0.00345EPSS

CVE•added 2018/07/31 8:29 p.m.•46 views

CVE-2018-14299

8.8CVSS8.8AI score0.00387EPSS

CVE•added 2018/07/31 8:29 p.m.•46 views

CVE-2018-14302

8.8CVSS8.8AI score0.00387EPSS

CVE•added 2018/07/31 8:29 p.m.•46 views

CVE-2018-14311

8.8CVSS8.8AI score0.00264EPSS

CVE•added 2019/01/24 4:29 a.m.•46 views

CVE-2018-17688

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ha...

8.8CVSS8.8AI score0.00566EPSS

CVE•added 2019/01/24 4:29 a.m.•46 views

CVE-2018-17703

8.8CVSS7.8AI score0.00566EPSS

CVE•added 2021/01/07 6:15 p.m.•46 views

CVE-2018-20314

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence race condition that can cause a stack-based buffer overflow or an out-of-bounds read.

8.1CVSS8.1AI score0.00026EPSS

Total number of security vulnerabilities549