549 matches found
CVE-2016-4062
Foxit Reader and Foxit PhantomPDF prior to version 7.3.4 are affected by CVE-2016-4062 due to improper recursive handling of PDF format errors, allowing remote exploitation to cause a denial of service (application hang). Root cause: recursive format-error reporting. Impact is DoS; exploitation v...
CVE-2016-8876
CVE-2016-8876 describes an out-of-bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, exploitable by a crafted TIFF image embedded in the XFA data stream of a PDF when the gflags tool is enabled. Successful exploitation can lead to remote arbitrary code execution with ...
CVE-2017-8454
CVE-2017-8454 affects Foxit Reader before 8.2.1 and Foxit PhantomPDF before 8.2.1. The vulnerability is an out-of-bounds read triggered by a crafted font in a PDF, allowing remote attackers to obtain sensitive information or potentially execute arbitrary code. Connected sources corroborate the im...
CVE-2018-11623
CVE-2018-11623 affects Foxit Reader 9.0.1.1049 where the vulnerability is in the addAdLayer method, causing a type-confusion condition that allows remote code execution when a user visits a malicious page or opens a malicious file, with user interaction required. The issue is documented in ZDI-18...
CVE-2018-1179
Foxit Reader 9.0.0.29935 is affected by CVE-2018-1179 through a flaw in parsing GIF DataSubBlock structures. The vulnerability arises from insufficient validation of user-supplied data, enabling an out-of-bounds read past an allocated data structure. This can disclose sensitive information and, i...
CVE-2018-14257
CVE-2018-14257 is a Foxit Reader remote code execution vulnerability in the getPageBox method that enables code execution via crafted JavaScript when a user visits a malicious page or opens a malicious file. The issue is a type confusion condition triggered by actions in JavaScript, allowing an a...
CVE-2018-14259
CVE-2018-14259 is a type-confusion remote-code-execution vulnerability in Foxit Reader (affecting 9.0.1.1049). The flaw resides in getPageNthWordQuads and can be triggered via JavaScript when a user opens a malicious file or visits a crafted page, allowing code execution in the current process co...
CVE-2018-14261
CVE-2018-14261 refers to a type-confusion vulnerability in Foxit Reader’s getTemplate method that enables remote code execution when a user opens a malicious file or visits a crafted page. The entry specifies that exploitation requires user interaction and can execute code with the current proces...
CVE-2018-14268
Foxit Reader CVE-2018-14268 is a type-confusion remote code execution in the mailForm method of Foxit Reader (9.0.1.1049 and earlier). Exploitation requires user interaction (visiting a malicious page or opening a crafted file). The flaw enables code execution under the current process context an...
CVE-2018-14272
CVE-2018-14272 affects Foxit Reader; a type confusion vulnerability in the removeIcon method can lead to remote code execution. The primary advisory notes that an attacker can exploit this by convincing a user to view a malicious page or open a malicious file, executing code in the current proces...
CVE-2018-14287
Foxit Reader (v9.0.1.1049) is affected by CVE-2018-14287 due to a type confusion in the handling of arguments passed to instanceManager.nodes.append. The flaw allows remote code execution with user interaction required (visiting a malicious page or opening a crafted file). Exploitation context is...
CVE-2018-14293
CVE-2018-14293 affects Foxit Reader 9.1.0.5096 and earlier, where parsing of PDF documents can trigger a use-after-free in the PDF handling code, allowing remote code execution when a user opens a malicious file or visits a malicious page. The vulnerability requires user interaction and executes ...
CVE-2018-17615
Foxit Reader for Windows vulnerability CVE-2018-17615 affects Foxit Reader 9.0.1.5096. The flaw lies in Mouse Exit event handling and stems from not validating the existence of an object before performing operations, enabling remote code execution. Exploitation requires user interaction (visiting...
CVE-2018-17652
CVE-2018-17652 affects Foxit Reader 9.2.0.9297 (Windows). The flaw is in the XFA TimeField mandatory property handling, caused by not validating the existence of an object before performing operations, which enables a remote attacker to execute code in the context of the current process via a cra...
CVE-2018-17664
CVE-2018-17664 affects Foxit Reader 9.2.0.9297 and earlier in Windows, due to a flaw in the isCompatibleNS handling of an XFA object. The issue arises from not validating the existence of an object before performing operations, enabling a remote attacker to execute arbitrary code in the context o...
CVE-2018-17682
Foxit Reader (Windows) 9.2.0.9297 and earlier is affected by CVE-2018-17682 due to a use-after-free/memory misreference in the handling of the delay property of Annotation objects. The flaw allows remote code execution in the context of the current process when a user opens a malicious file/page ...
CVE-2018-17692
CVE-2018-17692 affects Foxit PhantomPDF (and Foxit Reader) for Windows, specifically the HTML-to-PDF conversion path. The root cause is an out-of-bounds write stemming from inadequate validation of user-supplied data during HTML-to-PDF conversion, allowing remote code execution. Affected versions...
CVE-2018-17698
CVE-2018-17698 affects Foxit PhantomPDF (Windows) with vulnerable 9.2.0.9297 and related builds. The flaw is in the handling of the richValue property of a text field, arising from not validating the existence of an object before performing operations. This use-after-free scenario enables remote ...
CVE-2018-21241
CVE-2018-21241 affects Foxit PhantomPDF before 8.3.6, where an untrusted search path allows a DLL to execute remote code. According to sources, the vulnerability is triggered in affected PhantomPDF versions prior to 8.3.6 and can lead to remote code execution on the system. The CVSS details indic...
CVE-2018-3994
CVE-2018-3994 affects Foxit PDF Reader 9.2.0.9297, where a use-after-free in the JavaScript engine can be triggered by a specially crafted PDF document. This may allow arbitrary code execution when a user opens the malicious file; the browser plugin extension context could also trigger the vulner...
CVE-2018-9942
The CVE-2018-9942 entry concerns Foxit Reader (v9.0.0.29935) and the XFA record removal path. The connected sources confirm a type-confusion vulnerability that enables remote code execution in the context of the current process. Exploitation requires user interaction (visiting a malicious page or...
CVE-2018-9950
Foxit Reader 9.0.0.29935 is affected by a PDF parsing vulnerability that can disclose sensitive information via an out-of-bounds read in memory. The flaw arises from insufficient validation of user-supplied data, enabling a remote attacker to exfiltrate data after the target visits a malicious pa...
CVE-2019-20824
CVE-2019-20824 affects Foxit PhantomPDF prior to 8.3.11. The issue is a NULL pointer dereference in Epub processing caused by FXSYS_wcslen. Impact is described as a crash; no exploitation details are provided in the sources. Patch upgrade to 8.3.11 is the stated remedy.
CVE-2019-20826
The CVE-2019-20826 issue affects Foxit PhantomPDF for Mac (3.3) and Foxit Reader for Mac prior to 3.3. The root cause is a NULL pointer dereference in the affected code path. Public descriptions in the connected sources only confirm the existence and nature of the vulnerability; they do not provi...
CVE-2019-6732
Foxit PhantomPDF (and Foxit Reader) is affected by CVE-2019-6732 due to improper validation in AFParseDateEx, causing an out-of-bounds read that can disclose sensitive information. The vulnerability requires user interaction (visiting a malicious page or opening a malicious file) and can be trigg...
CVE-2019-6752
Foxit PhantomPDF flaw CVE-2019-6752: in Foxit PhantomPDF 9.3.10826, parsing of PDF documents allows read past end of an allocated object, enabling information disclosure. Remote attacker must persuade target to open a malicious page/file and may leverage this with other vulnerabilities to execute...
CVE-2020-26539
Foxit Reader and PhantomPDF (before v10.1) contain a use-after-free condition triggered by a multiple interpretation error for /V in the Additional Action and Field dictionaries, enabling remote code execution or an information leak. The issue is documented in CVE-2020-26539 with CVSS scores indi...
CVE-2021-27267
CVE-2021-27267 — Foxit PhantomPDF 10.1.0.37527 is affected by a vulnerability in the handling of U3D objects in PDF files. The flaw arises from not validating the existence of a target object before performing operations on it, which can allow an attacker to execute arbitrary code in the context ...
CVE-2015-3633
CVE-2015-3633 affects Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF prior to 7.1.5. The vulnerability allows remote denial of service via vectors related to digital signatures, caused by memory corruption. Affected components include the PDF handling and digital-signature paths. Imp...
CVE-2016-6168
CVE-2016-6168 affects Foxit Reader and Foxit PhantomPDF 7.3.4.311 and earlier on Windows. A use-after-free in the PDF handling can lead to denial of service and arbitrary code execution via a crafted PDF. The issue is publicly documented across multiple sources; remediation is to update to Foxit ...
CVE-2017-6883
The CVE-2017-6883 issue affects Foxit Reader (before 8.2.1) and Foxit PhantomPDF (before 8.2.1) on Windows, via the ConvertToPDF plugin when gflags is enabled. A crafted TIFF image can trigger an out-of-bounds read, causing application crash and potential information disclosure; attacker could le...
CVE-2018-1174
CVE-2018-1174 affects Foxit Reader 9.0.0.29935 and is tied to the PrintParams bitmapDPI object. The root cause is uninitialized memory access in that handling, enabling information disclosure. Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and, in c...
CVE-2018-1178
The CVE-2018-1178 entry relates to Foxit Reader 9.0.0.29935, where the vulnerability resides in the addField handling and results from not validating the existence of an object before performing operations. This is a remote code execution vulnerability that an attacker can exploit after convincin...
CVE-2018-14277
CVE-2018-14277 affects Foxit Reader; the mailDoc method contains a type confusion that enables remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a file) and can run code with the current process privileges. Affected products are Foxit Reader befor...
CVE-2018-14298
CVE-2018-14298 affects Foxit Reader up to 9.0.1.5096 (Windows). The flaw is a use-after-free in Ink annotations processing, allowing arbitrary code execution when a user opens a poisoned document or visits a malicious page. Root cause: pointer reuse after free during document element manipulation...
CVE-2018-14310
CVE-2018-14310 affects Foxit Reader (and related Foxit products) with a use-after-free in event handling that fails to validate the existence of an object before operating on it. Exploitation can allow remote code execution with user interaction required (visiting a malicious page or opening a ma...
CVE-2018-14314
CVE-2018-14314 affects Foxit Reader 9.0.1.5096. The flaw is in the handling of annotations where the software fails to validate the existence of an object before operating on it, allowing remote attackers to execute arbitrary code in the current process. Exploitation requires user interaction (vi...
CVE-2018-17608
Foxit PhantomPDF and Foxit Reader prior to version 9.3 are affected by CVE-2018-17608, where mishandling of Annotation object properties can enable a remote attacker to execute arbitrary code or cause a denial of service (use-after-free). Impact is described as high/critical across CERT/NVD data:...
CVE-2018-17610
Foxit PhantomPDF and Foxit Reader are affected by CVE-2018-17610, with the vulnerability exploitable in versions before 9.3. The issue arises from how properties of Annotation objects are mishandled, enabling remote attackers to execute arbitrary code or cause a denial of service (use-after-free)...
CVE-2018-17628
Foxit Reader (Windows) 9.2.0.9297 and earlier versions are affected by CVE-2018-17628. The flaw occurs in the XFA setInterval method due to not validating the existence of an object before performing operations, enabling remote code execution when a user opens a malicious file or visits a crafted...
CVE-2018-17683
Foxit Reader 9.2.0.9297 (and earlier per CNVD) is affected by a vulnerability in the createIcon handling of an app object. The flaw is a lack of validation for object existence before operations, leading to remote code execution. User interaction is required (visiting a malicious page or opening ...
CVE-2018-17689
CVE-2018-17689 affects Foxit PhantomPDF (and related Foxit viewer components) with a remote code execution flaw in the fillColor handling of a radio button. The root cause is lack of object existence validation before operations, enabling code execution in the current process after user interacti...
CVE-2018-17700
CVE-2018-17700 affects Foxit PhantomPDF 9.2.0.9297 (Windows). The root cause is a flaw in handling of Array.prototype.concat due to insufficient validation of user-supplied data, allowing a read past the end of an allocated object. This leads to remote code execution in the context of the current...
CVE-2018-21238
CVE-2018-21238 affects Foxit PhantomPDF up to version 8.3.7, where a call involving ArrayBuffer(0xfffffffe) enables memory consumption. The connected documents confirm the vulnerability but do not provide concrete details on root cause, affected components beyond the product/version line, exploit...
CVE-2018-5679
CVE-2018-5679 affects Foxit Reader and Foxit PhantomPDF prior to 9.1. The flaw is in processing of PDF files with embedded u3d images due to insufficient validation, causing a read past end of an allocated object and enabling arbitrary code execution in the current process. The issue is exploitab...
CVE-2018-9937
Foxit Reader 9.0.0.29935 is affected by a vulnerability in the XFA subform parsing that can lead to remote code execution via type confusion when a user opens a malicious page or file. The flaw arises from improper validation of user-supplied data in subform elements, allowing an attacker to run ...
CVE-2018-9951
Foxit Reader 9.0.0.29935 is affected by CVE-2018-9951, a CPDF_Object handling flaw that lacks validation of object existence, enabling remote code execution under the current process context. Exploit requires user interaction (visiting a malicious page or opening a malicious file). The issue is d...
CVE-2018-9955
Foxit Reader 9.0.1.1049 is affected by CVE-2018-9955. The vulnerability resides in the XFA Button resolveNode method and is due to not validating the existence of an object before performing operations, enabling remote code execution under the current process when a user opens a malicious file/pa...
CVE-2018-9970
Foxit Reader 9.0.1.1049 is affected by CVE-2018-9970 due to a bug in the XFA execEvent method of Button elements. The vulnerability arises from failing to validate the existence of an object before performing operations, enabling remote code execution when a user opens a malicious file or visits ...
CVE-2019-20835
Foxit Reader and PhantomPDF prior to 9.5 are affected by a homograph mishandling issue. CVSSv3.1 base score 4.3 (NETWORK attack, USER INTERACTION required; I=LOW) per provided records. No explicit root cause, exploit details, or remediation are stated in the documents; no detailed impact beyond t...