Lucene search
K
FoxitsoftwarePhantompdf

549 matches found

CVE
CVE
added 2018/07/31 8:0 p.m.60 views

CVE-2018-14288

CVE-2018-14288 affects Foxit Reader (Windows) with vulnerabilities in the handling of arguments to the setFocus function, leading to a type-confusion condition that enables remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). Affec...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.60 views

CVE-2018-16293

CVE-2018-16293 is a use-after-free vulnerability in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3. A specially crafted PDF can trigger a previously freed object to be reused, leading to arbitrary code execution. An attacker must entice a user to open the malicious PDF...

7.8CVSS7.8AI score0.02663EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.60 views

CVE-2018-17675

CVE-2018-17675 concerns Foxit Reader. The vulnerability exists in the handling of the removeDataObject method of a document and stems from not validating the existence of an object before performing operations. It enables remote code execution in the context of the current process on vulnerable F...

8.8CVSS7.8AI score0.03314EPSS
CVE
CVE
added 2020/06/04 4:33 p.m.60 views

CVE-2018-21237

CVE-2018-21237 affects Foxit PhantomPDF prior to 8.3.7. The vulnerability enables NTLM credential theft via GoToE or GoToR actions in the affected PDF reader. The available connected records corroborate the issue and its attribution to Foxit PhantomPDF versions before 8.3.7, with multiple sources...

5.3CVSS5.3AI score0.00817EPSS
CVE
CVE
added 2020/06/04 4:31 p.m.60 views

CVE-2018-21239

CVE-2018-21239 affects Foxit Reader and PhantomPDF before 9.2. The issue enables NTLM credential theft via a GoToE or GoToR action in PDFs. Root cause is information leakage via GoTo actions, leading to partial confidentiality impact per CVSS (2.0: 5.0, 3.1: 5.3). Affected products are Foxit Read...

5.3CVSS5.2AI score0.00817EPSS
CVE
CVE
added 2020/10/02 8:1 a.m.60 views

CVE-2020-26538

CVE-2020-26538 affects Foxit Reader and PhantomPDF prior to 10.1. The issue allows arbitrary code execution via a Trojan horse taskkill.exe placed in the current working directory, indicating a local-execution path likely dependent on the processing of external/ tampered files. The vulnerability ...

7.8CVSS7.8AI score0.00502EPSS
CVE
CVE
added 2021/08/11 9:14 p.m.60 views

CVE-2021-38571

CVE-2021-38571 affects Foxit Reader and Foxit PhantomPDF prior to 10.1.4, where a DLL hijacking issue allows an attacker-controlled DLL to be loaded locally. The root cause is a registration and loading path flaw that enables hijacking of the Dynamic Link Library, potentially impacting confidenti...

7.8CVSS7.5AI score0.00547EPSS
CVE
CVE
added 2016/04/22 2:0 p.m.59 views

CVE-2016-4059

Summary: CVE-2016-4059 is a use-after-free vulnerability in Foxit Reader and Foxit PhantomPDF before 7.3.4 on Windows, exploitable via a crafted FlateDecode stream in a PDF to achieve arbitrary code execution. The issue is part of a family of related flaws affecting multiple components of Foxit’s...

7.8CVSS7.8AI score0.0441EPSS
CVE
CVE
added 2016/10/31 10:0 a.m.59 views

CVE-2016-8879

CVE-2016-8879 affects Foxit Reader and Foxit PhantomPDF prior to 8.1 on Windows. The issue lies in the thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) where a crafted JPEG2000 image embedded in a PDF can trigger an out-of-bounds write, causing an application crash and a denial-of-s...

6.5CVSS7AI score0.01277EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.59 views

CVE-2018-10473

CVE-2018-10473 affects Foxit Reader 9.0.0.29935 and is due to improper validation in the parsing of U3D CLOD Base Mesh Continuation structures, causing an out-of-bounds write that can execute arbitrary code. The vulnerability permits remote code execution and requires user interaction (visiting a...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.59 views

CVE-2018-10482

CVE-2018-10482 affects Foxit Reader 9.0.0.29935. The issue is an out-of-bounds read in the U3D Texture Image Format object caused by improper validation of user-supplied data, leading to possible information disclosure. Attack requires user interaction (malicious page or file); an attacker could ...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.59 views

CVE-2018-14246

CVE-2018-14246 affects Foxit Reader (e.g., version 9.0.1.1049) where the convertTocPDF method can trigger a type confusion in JavaScript, allowing remote code execution after user interaction (visiting a malicious page or opening a malicious file). Multiple connected advisories confirm the root c...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/10/29 10:0 p.m.59 views

CVE-2018-17622

CVE-2018-17622 affects Foxit Reader 9.1.0.5096 (Windows). The issue is a buffer over-read in handling Calculate events caused by improper validation of user-supplied data, allowing remote attackers to disclose sensitive information and potentially execute code in the context of the current proces...

6.5CVSS6.6AI score0.03EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.59 views

CVE-2018-17688

CVE-2018-17688 affects Foxit PhantomPDF/Reader on Windows; a memory misreference in the ComboBox setItems handling leads to a use-after-free condition, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). Targets include P...

8.8CVSS8.8AI score0.03855EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.59 views

CVE-2018-17703

Foxit Reader (Windows) is affected, including version 9.2.0.9297 and earlier, with vulnerabilities tied to the handling of the defaultValue property of ComboBox objects. The underlying flaw is a failure to validate the existence of an object before performing operations, resulting in a use-after-...

8.8CVSS7.8AI score0.03855EPSS
CVE
CVE
added 2020/06/04 4:17 p.m.59 views

CVE-2018-21244

Foxit PhantomPDF up to version 8.3.5 contains a vulnerability where an embedded executable in a PDF portfolio can lead to arbitrary code execution (FG-VD-18-029). Root cause is an improper handling of embedded executables within portfolios, enabling remote exploitation via crafted PDFs. Affected ...

9.8CVSS9.3AI score0.01807EPSS
CVE
CVE
added 2018/05/24 9:0 p.m.59 views

CVE-2018-5678

Foxit Reader/PhantomPDF before 9.1 are affected by CVE-2018-5678 due to a flaw in processing PDFs with embedded u3d images, causing a heap-based buffer overflow. An attacker can exploit this via a malicious PDF to execute arbitrary code in the current process; user interaction is required (visiti...

8.8CVSS8.8AI score0.04056EPSS
CVE
CVE
added 2020/06/04 3:40 p.m.59 views

CVE-2019-20816

CVE-2019-20816 : Foxit PhantomPDF before 8.3.12 contains a NULL pointer dereference during parsing of file data, impacting users of that product. The issue is documented across multiple feeds (NVD/NB Red Hat/EUVD/CNVD lists) with the same root cause. Affected software is Foxit PhantomPDF; vulnera...

7.5CVSS7.5AI score0.01544EPSS
CVE
CVE
added 2020/06/04 3:48 p.m.59 views

CVE-2019-20821

CVE-2019-20821 affects Foxit PhantomPDF Mac before 3.4. The vulnerability is a NULL pointer dereference in PhantomPDF Mac, as described in multiple sources (NVD, Red Hat, CNVD, Prion, CVE list). CVSS data from NVD indicates network attack vector with low complexity and no authentication required ...

7.5CVSS7.5AI score0.01544EPSS
CVE
CVE
added 2020/06/04 4:47 p.m.59 views

CVE-2019-20834

The CVE-2019-20834 entry concerns Foxit PhantomPDF before 8.3.10, where a vulnerability allows a signature verification bypass when processing a modified file or a file with non-standard signatures. The Red Hat and CNVD records confirm the same issue affecting Foxit PhantomPDF; no exploitation de...

7.5CVSS7.5AI score0.01004EPSS
CVE
CVE
added 2019/01/03 11:0 p.m.59 views

CVE-2019-5006

CVE-2019-5006 affects Foxit Reader and PhantomPDF for Windows prior to 9.4; the issue is a NULL pointer dereference during PDF parsing. The NVD entry lists CVSSv3 base score 5.5 (MEDIUM) with LOCAL exploit, LOW attack complexity, user interaction required, and HIGH impact on availability. The ava...

5.5CVSS6AI score0.0095EPSS
CVE
CVE
added 2019/01/03 11:0 p.m.59 views

CVE-2019-5007

CVE-2019-5007 affects Foxit Reader and PhantomPDF for Windows prior to 9.4. It is a NULL pointer dereference during TIFF parsing that causes an out-of-bounds read, leading to information disclosure and a crash. The description in multiple sources confirms the vulnerability lies in TIFF data handl...

7.1CVSS6.6AI score0.01552EPSS
CVE
CVE
added 2019/03/19 7:56 p.m.59 views

CVE-2019-6729

CVE-2019-6729 is a remote-code-execution vulnerability in Foxit Reader and Foxit PhantomPDF for Windows caused by an out-of-bounds read during PDF processing due to improper validation of input data (read past end of allocated buffer). It requires user interaction (malicious page or file). Affect...

8.8CVSS8.8AI score0.03719EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.59 views

CVE-2019-6753

Foxit Reader 9.3.0.10826 is affected by a vulnerability in the Stuff method that can trigger an integer overflow when handling user-supplied data, potentially enabling information disclosure and, with additional issues, code execution. Exploitation requires user interaction (visit a malicious pag...

5.5CVSS5.6AI score0.10722EPSS
CVE
CVE
added 2020/09/04 3:32 a.m.59 views

CVE-2020-12248

CVE-2020-12248 affects Foxit Reader and Foxit PhantomPDF: heap-based buffer overflow caused by mishandling dirty image-resource data, allowing arbitrary code execution. Affected: Foxit Reader and PhantomPDF versions before 10.0.1, and PhantomPDF before 9.7.3. Impact per sources: potential remote ...

8.8CVSS9AI score0.01799EPSS
CVE
CVE
added 2016/04/22 2:0 p.m.58 views

CVE-2016-4063

Foxit Foxit Reader/PhantomPDF prior to version 7.3.4 is affected by multiple use-after-free vulnerabilities in PDF handling (notably object revision number -1, and related FlateDecode/content stream handling). The CVE in scope (CVE-2016-4063) is described as a use-after-free enabling arbitrary co...

7.8CVSS7.8AI score0.04529EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.58 views

CVE-2018-10479

Foxit Reader 9.0.0.29935 is affected by CVE-2018-10479 due to an out-of-bounds read in parsing U3D Key Frame structures, causing information disclosure. The vulnerability allows remote attackers to disclose sensitive information and requires user interaction (visiting a malicious page or opening ...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.58 views

CVE-2018-10481

Foxit Reader 9.0.0.29935 is affected by an out-of-bounds read vulnerability in the U3D Texture Resource parsing path. The flaw stems from insufficient validation of user-supplied data, which can cause a read past the end of an allocated data structure and enable sensitive information disclosure. ...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.58 views

CVE-2018-10494

Foxit Reader 9.0.1.1049 is affected by a stack-based buffer overflow in the parsing of U3D 3DView objects. The issue stems from insufficient validation of the length of user-supplied data before copying to a fixed-length stack buffer, enabling remote code execution under the process context. Expl...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.58 views

CVE-2018-11621

Foxit Reader (Windows) vulnerability CVE-2018-11621 affects Foxit Reader 9.0.1.1049 with the ConvertToPDF_x86.dll causing an out-of-bounds read that discloses sensitive information. Exploitation requires user interaction (visiting a malicious page or opening a malicious file); an attacker could l...

6.5CVSS6.8AI score0.02629EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.58 views

CVE-2018-1176

Foxit Reader 9.0.0.29935 is affected by an ePub parsing vulnerability that allows remote code execution via a write past the end of an allocated object due to insufficient input validation. The issue can be triggered when a user visits a malicious page or opens a malicious file, requiring user in...

8.8CVSS8.8AI score0.03553EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.58 views

CVE-2018-14253

The CVE-2018-14253 entry concerns Foxit Reader (variants of Foxit Reader 9.0.1.1049 and affected 9.x lines). The vulnerability is a type-confusion in the getIcon method that enables remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious fil...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.58 views

CVE-2018-14316

Foxit Reader vulnerability CVE-2018-14316 affects Foxit Reader 9.0.1.5096 where PDF processing lacks proper validation, causing a read past the end of an allocated buffer. This enables remote code execution in the context of the current process and requires user interaction (visiting a malicious ...

6.5CVSS6.8AI score0.02629EPSS
CVE
CVE
added 2018/10/29 10:0 p.m.58 views

CVE-2018-17624

Foxit Reader (v9.1.0.5096) contains a remote code execution vulnerability in the handling of OCG objects due to a lack of validating the existence of an object before performing operations. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). An attacker...

8.8CVSS7.8AI score0.03279EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.58 views

CVE-2018-17669

CVE-2018-17669 affects Foxit Reader 9.2.0.9297 (Windows). The flaw is in the handling of the name property of an XFA object and stems from not validating the existence of the object before performing operations, enabling remote code execution with current-process privileges after user visits a ma...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.58 views

CVE-2018-17694

CVE-2018-17694 affects Foxit PhantomPDF 9.2.0.9297 (and related Foxit PDF products in some feeds) with a display-property handling flaw in a button where the program does not verify an object’s existence before acting. This leads to remote code execution in the context of the current process, wit...

8.8CVSS8.8AI score0.03855EPSS
CVE
CVE
added 2018/05/24 9:0 p.m.58 views

CVE-2018-5674

Foxit Reader/PhantomPDF before 9.1 are vulnerable to CVE-2018-5674 due to improper handling of PDF files with embedded u3d images. The flaw triggers a heap-based buffer overflow when parsing specially crafted PDFs, allowing remote code execution in the context of the current process. Exploitation...

8.8CVSS8.8AI score0.04056EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.58 views

CVE-2018-9954

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9954 due to a flaw in handling XFA Button elements. The bug occurs when setting the y attribute, where the code does not properly validate the existence of an object before operating on it, enabling remote code execution under the process context. E...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.58 views

CVE-2018-9969

CVE-2018-9969 affects Foxit Reader (v9.0.1.1049) and is due to a flaw in the XFA boundItem method of Button elements. The vulnerability arises from not validating the existence of an object before performing operations, enabling remote code execution under the process context when a user opens a ...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2020/06/04 3:47 p.m.58 views

CVE-2019-20818

CVE-2019-20818 affects Foxit Reader and PhantomPDF prior to version 9.7. The issue is a resource-management vulnerability where data is created for each page at the application level, leading to memory consumption. The supplied documents describe the affected products and the root cause but do no...

7.5CVSS7.5AI score0.0153EPSS
CVE
CVE
added 2020/06/04 4:54 p.m.58 views

CVE-2019-20828

CVE-2019-20828 affects Foxit Reader and PhantomPDF prior to version 9.6. The vulnerability is a buffer overflow caused by a looping correction that does not occur after JavaScript updates Field APs, leading to potential memory corruption. Multiple sources corroborate the issue across vendor advis...

7.5CVSS7.7AI score0.01522EPSS
CVE
CVE
added 2020/09/04 3:32 a.m.58 views

CVE-2020-12247

CVE-2020-12247 affects Foxit Reader and Foxit PhantomPDF prior to versions 10.0.1 and 9.7.3, respectively. The root cause is an out-of-bounds read caused by a text-string index being reused after splitting a string, which can also trigger a crash. Exploitation could lead to disclosure of sensitiv...

7.1CVSS6.6AI score0.03607EPSS
CVE
CVE
added 2020/10/02 8:1 a.m.58 views

CVE-2020-26535

Foxit Reader and PhantomPDF (pre-10.1) contain CVE-2020-26535. The issue arises when TslAlloc tries to allocate thread-local storage and receives an unacceptable index, causing V8 to throw an exception that leads to write and read access violations. Affected products are Foxit Reader and PhantomP...

9.8CVSS8.7AI score0.01717EPSS
CVE
CVE
added 2021/03/30 2:35 p.m.58 views

CVE-2021-27268

CVE-2021-27268 affects Foxit PhantomPDF 10.1.0.37527. The vulnerability is a U3D object handling flaw in PDFs where the software does not validate the existence of an object before performing operations, enabling an attacker to execute code in the current process. Technical details surfaced acros...

7.8CVSS7.8AI score0.02491EPSS
CVE
CVE
added 2021/03/30 2:35 p.m.58 views

CVE-2021-27271

CVE-2021-27271 affects Foxit PhantomPDF 10.1.0.37527. The issue is an out-of-bounds read in the handling of U3D objects in PDFs, allowing remote code execution with user interaction required (open a malicious file/page). Root cause: improper validation of user-supplied data in U3D processing. Exp...

7.8CVSS7.8AI score0.03304EPSS
CVE
CVE
added 2016/04/22 2:0 p.m.57 views

CVE-2016-4062

Foxit Reader and Foxit PhantomPDF prior to version 7.3.4 are affected by CVE-2016-4062 due to improper recursive handling of PDF format errors, allowing remote exploitation to cause a denial of service (application hang). Root cause: recursive format-error reporting. Impact is DoS; exploitation v...

5.5CVSS6AI score0.01377EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.57 views

CVE-2018-11623

CVE-2018-11623 affects Foxit Reader 9.0.1.1049 where the vulnerability is in the addAdLayer method, causing a type-confusion condition that allows remote code execution when a user visits a malicious page or opens a malicious file, with user interaction required. The issue is documented in ZDI-18...

8.8CVSS8.8AI score0.02882EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.57 views

CVE-2018-1179

Foxit Reader 9.0.0.29935 is affected by CVE-2018-1179 through a flaw in parsing GIF DataSubBlock structures. The vulnerability arises from insufficient validation of user-supplied data, enabling an out-of-bounds read past an allocated data structure. This can disclose sensitive information and, i...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14257

CVE-2018-14257 is a Foxit Reader remote code execution vulnerability in the getPageBox method that enables code execution via crafted JavaScript when a user visits a malicious page or opens a malicious file. The issue is a type confusion condition triggered by actions in JavaScript, allowing an a...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.57 views

CVE-2018-14259

CVE-2018-14259 is a type-confusion remote-code-execution vulnerability in Foxit Reader (affecting 9.0.1.1049). The flaw resides in getPageNthWordQuads and can be triggered via JavaScript when a user opens a malicious file or visits a crafted page, allowing code execution in the current process co...

8.8CVSS8.8AI score0.02773EPSS
Total number of security vulnerabilities549