Lucene search
K
FoxitsoftwarePhantompdf

549 matches found

CVE
CVE
added 2020/06/04 4:29 p.m.57 views

CVE-2018-21241

CVE-2018-21241 affects Foxit PhantomPDF before 8.3.6, where an untrusted search path allows a DLL to execute remote code. According to sources, the vulnerability is triggered in affected PhantomPDF versions prior to 8.3.6 and can lead to remote code execution on the system. The CVSS details indic...

7.8CVSS7.7AI score0.00792EPSS
CVE
CVE
added 2020/06/04 4:23 p.m.57 views

CVE-2018-21242

CVE-2018-21242 affects Foxit PhantomPDF prior to 8.3.6, allowing Remote Code Execution via GoToE or GoToR actions. The issue concerns the handling of GoTo actions that can trigger code execution, with impacted versions before 8.3.6. CVSS results in the connected data show a high impact (C/H/I/A =...

9.8CVSS9.5AI score0.02232EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.57 views

CVE-2018-9954

Foxit Reader 9.0.1.1049 is affected by CVE-2018-9954 due to a flaw in handling XFA Button elements. The bug occurs when setting the y attribute, where the code does not properly validate the existence of an object before operating on it, enabling remote code execution under the process context. E...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2020/06/04 3:47 p.m.57 views

CVE-2019-20818

CVE-2019-20818 affects Foxit Reader and PhantomPDF prior to version 9.7. The issue is a resource-management vulnerability where data is created for each page at the application level, leading to memory consumption. The supplied documents describe the affected products and the root cause but do no...

7.5CVSS7.5AI score0.0153EPSS
CVE
CVE
added 2020/06/04 4:59 p.m.57 views

CVE-2019-20824

CVE-2019-20824 affects Foxit PhantomPDF prior to 8.3.11. The issue is a NULL pointer dereference in Epub processing caused by FXSYS_wcslen. Impact is described as a crash; no exploitation details are provided in the sources. Patch upgrade to 8.3.11 is the stated remedy.

7.5CVSS7.4AI score0.01544EPSS
CVE
CVE
added 2019/03/19 7:56 p.m.57 views

CVE-2019-6732

Foxit PhantomPDF (and Foxit Reader) is affected by CVE-2019-6732 due to improper validation in AFParseDateEx, causing an out-of-bounds read that can disclose sensitive information. The vulnerability requires user interaction (visiting a malicious page or opening a malicious file) and can be trigg...

6.5CVSS6.2AI score0.04088EPSS
CVE
CVE
added 2019/06/03 6:15 p.m.57 views

CVE-2019-6752

Foxit PhantomPDF flaw CVE-2019-6752: in Foxit PhantomPDF 9.3.10826, parsing of PDF documents allows read past end of an allocated object, enabling information disclosure. Remote attacker must persuade target to open a malicious page/file and may leverage this with other vulnerabilities to execute...

5.5CVSS5.4AI score0.02551EPSS
CVE
CVE
added 2020/10/02 8:1 a.m.57 views

CVE-2020-26539

Foxit Reader and PhantomPDF (before v10.1) contain a use-after-free condition triggered by a multiple interpretation error for /V in the Additional Action and Field dictionaries, enabling remote code execution or an information leak. The issue is documented in CVE-2020-26539 with CVSS scores indi...

9.8CVSS9.6AI score0.02232EPSS
CVE
CVE
added 2021/03/30 2:35 p.m.57 views

CVE-2021-27262

CVE-2021-27262 affects Foxit PhantomPDF 10.1.0.37527. The root cause is improper validation of data in U3D object handling within PDFs, causing an out-of-bounds read that can disclose sensitive information. The vulnerability enables information disclosure and, in combination with other flaws, cou...

4.3CVSS3.8AI score0.02023EPSS
CVE
CVE
added 2021/03/30 2:35 p.m.57 views

CVE-2021-27271

CVE-2021-27271 affects Foxit PhantomPDF 10.1.0.37527. The issue is an out-of-bounds read in the handling of U3D objects in PDFs, allowing remote code execution with user interaction required (open a malicious file/page). Root cause: improper validation of user-supplied data in U3D processing. Exp...

7.8CVSS7.8AI score0.03304EPSS
CVE
CVE
added 2015/05/01 3:0 p.m.56 views

CVE-2015-3633

CVE-2015-3633 affects Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF prior to 7.1.5. The vulnerability allows remote denial of service via vectors related to digital signatures, caused by memory corruption. Affected components include the PDF handling and digital-signature paths. Imp...

5CVSS6.9AI score0.02691EPSS
CVE
CVE
added 2016/04/22 2:0 p.m.56 views

CVE-2016-4062

Foxit Reader and Foxit PhantomPDF prior to version 7.3.4 are affected by CVE-2016-4062 due to improper recursive handling of PDF format errors, allowing remote exploitation to cause a denial of service (application hang). Root cause: recursive format-error reporting. Impact is DoS; exploitation v...

5.5CVSS6AI score0.01377EPSS
CVE
CVE
added 2018/02/07 5:0 p.m.56 views

CVE-2016-6168

CVE-2016-6168 affects Foxit Reader and Foxit PhantomPDF 7.3.4.311 and earlier on Windows. A use-after-free in the PDF handling can lead to denial of service and arbitrary code execution via a crafted PDF. The issue is publicly documented across multiple sources; remediation is to update to Foxit ...

7.8CVSS7.7AI score0.03294EPSS
CVE
CVE
added 2017/05/03 5:13 a.m.56 views

CVE-2017-8454

CVE-2017-8454 affects Foxit Reader before 8.2.1 and Foxit PhantomPDF before 8.2.1. The vulnerability is an out-of-bounds read triggered by a crafted font in a PDF, allowing remote attackers to obtain sensitive information or potentially execute arbitrary code. Connected sources corroborate the im...

8.8CVSS8.8AI score0.03939EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.56 views

CVE-2018-11623

CVE-2018-11623 affects Foxit Reader 9.0.1.1049 where the vulnerability is in the addAdLayer method, causing a type-confusion condition that allows remote code execution when a user visits a malicious page or opens a malicious file, with user interaction required. The issue is documented in ZDI-18...

8.8CVSS8.8AI score0.02882EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.56 views

CVE-2018-1174

CVE-2018-1174 affects Foxit Reader 9.0.0.29935 and is tied to the PrintParams bitmapDPI object. The root cause is uninitialized memory access in that handling, enabling information disclosure. Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and, in c...

6.5CVSS6.5AI score0.02629EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.56 views

CVE-2018-14261

CVE-2018-14261 refers to a type-confusion vulnerability in Foxit Reader’s getTemplate method that enables remote code execution when a user opens a malicious file or visits a crafted page. The entry specifies that exploitation requires user interaction and can execute code with the current proces...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.56 views

CVE-2018-14268

Foxit Reader CVE-2018-14268 is a type-confusion remote code execution in the mailForm method of Foxit Reader (9.0.1.1049 and earlier). Exploitation requires user interaction (visiting a malicious page or opening a crafted file). The flaw enables code execution under the current process context an...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.56 views

CVE-2018-14272

CVE-2018-14272 affects Foxit Reader; a type confusion vulnerability in the removeIcon method can lead to remote code execution. The primary advisory notes that an attacker can exploit this by convincing a user to view a malicious page or open a malicious file, executing code in the current proces...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.56 views

CVE-2018-14277

CVE-2018-14277 affects Foxit Reader; the mailDoc method contains a type confusion that enables remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a file) and can run code with the current process privileges. Affected products are Foxit Reader befor...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.56 views

CVE-2018-14287

Foxit Reader (v9.0.1.1049) is affected by CVE-2018-14287 due to a type confusion in the handling of arguments passed to instanceManager.nodes.append. The flaw allows remote code execution with user interaction required (visiting a malicious page or opening a crafted file). Exploitation context is...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.56 views

CVE-2018-14293

CVE-2018-14293 affects Foxit Reader 9.1.0.5096 and earlier, where parsing of PDF documents can trigger a use-after-free in the PDF handling code, allowing remote code execution when a user opens a malicious file or visits a malicious page. The vulnerability requires user interaction and executes ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.56 views

CVE-2018-14298

CVE-2018-14298 affects Foxit Reader up to 9.0.1.5096 (Windows). The flaw is a use-after-free in Ink annotations processing, allowing arbitrary code execution when a user opens a poisoned document or visits a malicious page. Root cause: pointer reuse after free during document element manipulation...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.56 views

CVE-2018-14310

CVE-2018-14310 affects Foxit Reader (and related Foxit products) with a use-after-free in event handling that fails to validate the existence of an object before operating on it. Exploitation can allow remote code execution with user interaction required (visiting a malicious page or opening a ma...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.56 views

CVE-2018-14314

CVE-2018-14314 affects Foxit Reader 9.0.1.5096. The flaw is in the handling of annotations where the software fails to validate the existence of an object before operating on it, allowing remote attackers to execute arbitrary code in the current process. Exploitation requires user interaction (vi...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/09/28 9:0 a.m.56 views

CVE-2018-17608

Foxit PhantomPDF and Foxit Reader prior to version 9.3 are affected by CVE-2018-17608, where mishandling of Annotation object properties can enable a remote attacker to execute arbitrary code or cause a denial of service (use-after-free). Impact is described as high/critical across CERT/NVD data:...

9.8CVSS9.3AI score0.03176EPSS
CVE
CVE
added 2018/10/29 10:0 p.m.56 views

CVE-2018-17615

Foxit Reader for Windows vulnerability CVE-2018-17615 affects Foxit Reader 9.0.1.5096. The flaw lies in Mouse Exit event handling and stems from not validating the existence of an object before performing operations, enabling remote code execution. Exploitation requires user interaction (visiting...

8.8CVSS7.8AI score0.03279EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.56 views

CVE-2018-17664

CVE-2018-17664 affects Foxit Reader 9.2.0.9297 and earlier in Windows, due to a flaw in the isCompatibleNS handling of an XFA object. The issue arises from not validating the existence of an object before performing operations, enabling a remote attacker to execute arbitrary code in the context o...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.56 views

CVE-2018-17692

CVE-2018-17692 affects Foxit PhantomPDF (and Foxit Reader) for Windows, specifically the HTML-to-PDF conversion path. The root cause is an out-of-bounds write stemming from inadequate validation of user-supplied data during HTML-to-PDF conversion, allowing remote code execution. Affected versions...

8.8CVSS8.8AI score0.03855EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.56 views

CVE-2018-17698

CVE-2018-17698 affects Foxit PhantomPDF (Windows) with vulnerable 9.2.0.9297 and related builds. The flaw is in the handling of the richValue property of a text field, arising from not validating the existence of an object before performing operations. This use-after-free scenario enables remote ...

8.8CVSS8.8AI score0.03855EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.56 views

CVE-2018-17700

CVE-2018-17700 affects Foxit PhantomPDF 9.2.0.9297 (Windows). The root cause is a flaw in handling of Array.prototype.concat due to insufficient validation of user-supplied data, allowing a read past the end of an allocated object. This leads to remote code execution in the context of the current...

8.8CVSS8.8AI score0.03855EPSS
CVE
CVE
added 2020/06/04 4:32 p.m.56 views

CVE-2018-21238

CVE-2018-21238 affects Foxit PhantomPDF up to version 8.3.7, where a call involving ArrayBuffer(0xfffffffe) enables memory consumption. The connected documents confirm the vulnerability but do not provide concrete details on root cause, affected components beyond the product/version line, exploit...

7.5CVSS7.5AI score0.01044EPSS
CVE
CVE
added 2018/05/24 9:0 p.m.56 views

CVE-2018-5679

CVE-2018-5679 affects Foxit Reader and Foxit PhantomPDF prior to 9.1. The flaw is in processing of PDF files with embedded u3d images due to insufficient validation, causing a read past end of an allocated object and enabling arbitrary code execution in the current process. The issue is exploitab...

8.8CVSS8.6AI score0.04056EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.56 views

CVE-2018-9942

The CVE-2018-9942 entry concerns Foxit Reader (v9.0.0.29935) and the XFA record removal path. The connected sources confirm a type-confusion vulnerability that enables remote code execution in the context of the current process. Exploitation requires user interaction (visiting a malicious page or...

8.8CVSS8.8AI score0.03226EPSS
CVE
CVE
added 2019/03/19 7:56 p.m.56 views

CVE-2019-6727

CVE-2019-6727 involves Foxit Reader (XFA remerge method) where a failure to validate the existence of an object before operating on it enables remote code execution after user visits a malicious page or opens a malicious file. The issue is characterized as a use-after-free/invalid object handling...

8.8CVSS8.8AI score0.0415EPSS
CVE
CVE
added 2021/03/30 2:35 p.m.56 views

CVE-2021-27267

CVE-2021-27267 — Foxit PhantomPDF 10.1.0.37527 is affected by a vulnerability in the handling of U3D objects in PDF files. The flaw arises from not validating the existence of a target object before performing operations on it, which can allow an attacker to execute arbitrary code in the context ...

7.8CVSS7.8AI score0.02491EPSS
CVE
CVE
added 2017/03/14 9:2 a.m.55 views

CVE-2017-6883

The CVE-2017-6883 issue affects Foxit Reader (before 8.2.1) and Foxit PhantomPDF (before 8.2.1) on Windows, via the ConvertToPDF plugin when gflags is enabled. A crafted TIFF image can trigger an out-of-bounds read, causing application crash and potential information disclosure; attacker could le...

4.7CVSS6.7AI score0.03378EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.55 views

CVE-2018-10486

Foxit Reader 9.0.0.29935 is affected by an out-of-bounds read in the U3D Image Index parsing, allowing remote disclosure of sensitive information. The issue arises from improper validation of user-supplied data and requires user interaction (visiting a malicious page or opening a malicious file)....

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.55 views

CVE-2018-1175

CVE-2018-1175 affects Foxit Reader 9.0.0.29935. The flaw is in the handling of the interactive attribute of PrintParams objects, arising from lack of proper memory initialization. This leads to information disclosure, with remote attackers able to access sensitive data; exploitation requires user...

6.5CVSS6.5AI score0.02704EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.55 views

CVE-2018-1178

The CVE-2018-1178 entry relates to Foxit Reader 9.0.0.29935, where the vulnerability resides in the addField handling and results from not validating the existence of an object before performing operations. This is a remote code execution vulnerability that an attacker can exploit after convincin...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.55 views

CVE-2018-14264

CVE-2018-14264 is a type confusion remote-code-execution vulnerability in Foxit Reader (importAnFDF method). Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and can execute code in the current process. Affected products include Foxit Reader versions ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.55 views

CVE-2018-14266

CVE-2018-14266 affects Foxit Reader (notably 9.0.1.1049 and earlier) and is caused by a flaw in the importDataObject method that leads to a type confusion. An attacker can trigger this remotely by convincing a user to visit a malicious page or open a malicious file, initiating remote code executi...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.55 views

CVE-2018-14271

The CVE-2018-14271 entry describes a type-confusion remote code execution in Foxit Reader, caused by the removeField method. The flaw allows code execution in the current process context and requires user interaction (visiting a malicious page or opening a malicious file). Affected products inclu...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.55 views

CVE-2018-14283

CVE-2018-14283 affects Foxit Reader (Windows) versions older than 9.2.0.9097. The flaw is in the highlightMode attribute and stems from not validating the existence of an object before performing operations on it, leading to a use-after-free condition that enables remote code execution under the ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.55 views

CVE-2018-14297

CVE-2018-14297 affects Foxit Reader (and Foxit PhantomPDF in some listings). The vulnerability is a use-after-free in the processing of FreeText annotations, where manipulating a document’s elements can cause a freed pointer to be reused, enabling remote code execution. Exploitation requires user...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.55 views

CVE-2018-14307

CVE-2018-14307 affects Foxit Reader (e.g., 9.0.1.5096; CNVD lists 9.1.0.5096 and earlier) due to a use-after-free in the processing of Link objects, enabling remote code execution after user opens a malicious page/file. Exploitation requires user interaction. Related advisories (ZDI-18-767; OpenV...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.55 views

CVE-2018-16292

Summary of CVE-2018-16292 (Foxit Reader/PhantomPDF) : A use-after-free vulnerability in the JavaScript engine of Foxit Reader (before 9.3) and PhantomPDF (before 9.3) can be triggered by a specially crafted PDF to reuse a previously freed object, enabling arbitrary code execution. An attacker mus...

7.8CVSS7.8AI score0.02663EPSS
CVE
CVE
added 2018/09/28 9:0 a.m.55 views

CVE-2018-17609

Foxit PhantomPDF and Foxit Reader prior to 9.3 are affected by CVE-2018-17609. The issue stems from mishandling properties of Annotation objects, enabling a use-after-free vulnerability that can lead to remote code execution or denial of service. Reported with CVSS v3.0 base score 9.8 (CRITICAL) ...

9.8CVSS9.3AI score0.03176EPSS
CVE
CVE
added 2018/09/28 9:0 a.m.55 views

CVE-2018-17610

Foxit PhantomPDF and Foxit Reader are affected by CVE-2018-17610, with the vulnerability exploitable in versions before 9.3. The issue arises from how properties of Annotation objects are mishandled, enabling remote attackers to execute arbitrary code or cause a denial of service (use-after-free)...

9.8CVSS9.3AI score0.03176EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.55 views

CVE-2018-17683

Foxit Reader 9.2.0.9297 (and earlier per CNVD) is affected by a vulnerability in the createIcon handling of an app object. The flaw is a lack of validation for object existence before operations, leading to remote code execution. User interaction is required (visiting a malicious page or opening ...

8.8CVSS7.8AI score0.03855EPSS
Total number of security vulnerabilities549