549 matches found
CVE-2018-9951
Foxit Reader 9.0.0.29935 is affected by CVE-2018-9951, a CPDF_Object handling flaw that lacks validation of object existence, enabling remote code execution under the current process context. Exploit requires user interaction (visiting a malicious page or opening a malicious file). The issue is d...
CVE-2018-9955
Foxit Reader 9.0.1.1049 is affected by CVE-2018-9955. The vulnerability resides in the XFA Button resolveNode method and is due to not validating the existence of an object before performing operations, enabling remote code execution under the current process when a user opens a malicious file/pa...
CVE-2018-9970
Foxit Reader 9.0.1.1049 is affected by CVE-2018-9970 due to a bug in the XFA execEvent method of Button elements. The vulnerability arises from failing to validate the existence of an object before performing operations, enabling remote code execution when a user opens a malicious file or visits ...
CVE-2019-20835
Foxit Reader and PhantomPDF prior to 9.5 are affected by a homograph mishandling issue. CVSSv3.1 base score 4.3 (NETWORK attack, USER INTERACTION required; I=LOW) per provided records. No explicit root cause, exploit details, or remediation are stated in the documents; no detailed impact beyond t...
CVE-2019-6728
The CVE-2019-6728 issue affects Foxit Reader (PDF processing path) and is due to an out-of-bounds read caused by inadequate validation of user-supplied data, resulting in a read past the end of an allocated buffer. This vulnerability can disclose sensitive information and, in conjunction with oth...
CVE-2019-6730
CVE-2019-6730 affects Foxit Reader (and PhantomPDF in some records) via the popUpMenu method. The root cause is failure to validate the existence of an object before performing operations, leading to a use-after-free/memory misreference . This allows remote attackers to execute arbitrary code in ...
CVE-2021-27266
CVE-2021-27266 affects Foxit PhantomPDF 10.1.0.37527. The issue arises from improper validation in the handling of U3D objects embedded in PDF files, leading to an out-of-bounds read (read past end of an allocated object). An attacker can leverage this in conjunction with other vulnerabilities to...
CVE-2016-8876
CVE-2016-8876 describes an out-of-bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, exploitable by a crafted TIFF image embedded in the XFA data stream of a PDF when the gflags tool is enabled. Successful exploitation can lead to remote arbitrary code execution with ...
CVE-2018-10479
Foxit Reader 9.0.0.29935 is affected by CVE-2018-10479 due to an out-of-bounds read in parsing U3D Key Frame structures, causing information disclosure. The vulnerability allows remote attackers to disclose sensitive information and requires user interaction (visiting a malicious page or opening ...
CVE-2018-10484
Foxit Reader 9.0.0.29935 is affected by CVE-2018-10484. The vulnerability stems from parsing U3D Node objects and is caused by a pointer that is not properly initialized before use, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a mali...
CVE-2018-10486
Foxit Reader 9.0.0.29935 is affected by an out-of-bounds read in the U3D Image Index parsing, allowing remote disclosure of sensitive information. The issue arises from improper validation of user-supplied data and requires user interaction (visiting a malicious page or opening a malicious file)....
CVE-2018-11620
CVE-2018-11620 affects Foxit Reader (up to version 9.0.1.1049) with an out-of-bounds read in ConvertToPDF_x86.dll caused by insufficient validation of user-supplied data. This can disclose sensitive information and, in conjunction with other vulnerabilities, may enable arbitrary code execution in...
CVE-2018-1175
CVE-2018-1175 affects Foxit Reader 9.0.0.29935. The flaw is in the handling of the interactive attribute of PrintParams objects, arising from lack of proper memory initialization. This leads to information disclosure, with remote attackers able to access sensitive data; exploitation requires user...
CVE-2018-14242
CVE-2018-14242 is a type-confusion remote code execution vulnerability in Foxit Reader, fixed by updates after Foxit Reader 9.2.0.9097. The flaw resides in the addField method and can be triggered by JavaScript actions on a malicious page or file, requiring user interaction. Impact is arbitrary c...
CVE-2018-14251
Foxit Reader CVE-2018-14251 is a type-confusion remote code execution affecting Foxit Reader 9.0.1.1049. The flaw occurs in getDataObject and can be triggered via actions in JavaScript after the user visits a malicious page or opens a malicious file, enabling code execution in the current process...
CVE-2018-14259
CVE-2018-14259 is a type-confusion remote-code-execution vulnerability in Foxit Reader (affecting 9.0.1.1049). The flaw resides in getPageNthWordQuads and can be triggered via JavaScript when a user opens a malicious file or visits a crafted page, allowing code execution in the current process co...
CVE-2018-14276
Foxit Reader vulnerability CVE-2018-14276 arises from a type confusion in the submitForm method that allows remote code execution when a user visits a crafted page or opens a malicious file. The issue affects Foxit Reader (e.g., versions around 9.0.x), with escalation in the current advisories in...
CVE-2018-14289
CVE-2018-14289 affects Foxit Reader, including version 9.0.1.5096, with an out-of-bounds read in PDF document parsing that can disclose sensitive information. The vulnerability requires user interaction (visiting a malicious page or opening a malicious file) and can be leveraged with other issues...
CVE-2018-14294
CVE-2018-14294 affects Foxit Reader; vulnerable component is the processing of FileAttachment annotations. An attacker can craft a document to trigger a use-after-free, enabling remote code execution in the current process after user opens a malicious file or visits a malicious page. Impact is re...
CVE-2018-14296
Foxit Reader Circle Annotation use-after-free remote-code-execution vulnerability (CVE-2018-14296) affects Foxit Reader 9.0.1.5096 and earlier; exploits require user interaction (open a malicious file/page). The flaw lies in processing Circle annotations, where a pointer can be reused after free,...
CVE-2018-14305
CVE-2018-14305 affects Foxit Reader (notably 9.0.1.5096) and allows remote code execution via manipulation of PolyLine annotations during document processing. The flaw is a use-after-free in the annotation handling, exploitable when a user opens a malicious file or visits a malicious page, with u...
CVE-2018-16291
CVE-2018-16291 affects Foxit Reader and Foxit PhantomPDF prior to version 9.3, where a use-after-free in the JavaScript engine can be triggered by a specially crafted PDF to execute arbitrary code. The vulnerability can be exploited when a user opens a malicious PDF file; if the browser plugin is...
CVE-2018-16297
CVE-2018-16297 is a use-after-free in Foxit Reader/PhantomPDF’s JavaScript engine prior to 9.3. A specially crafted PDF can trigger object reuse for arbitrary code execution; user must open the file (or, with a browser plugin, visiting a malicious site could trigger it). Affected products: Foxit ...
CVE-2018-17609
Foxit PhantomPDF and Foxit Reader prior to 9.3 are affected by CVE-2018-17609. The issue stems from mishandling properties of Annotation objects, enabling a use-after-free vulnerability that can lead to remote code execution or denial of service. Reported with CVSS v3.0 base score 9.8 (CRITICAL) ...
CVE-2018-17616
CVE-2018-17616 affects Foxit Reader 9.0.1.5096 for Windows. The vulnerability arises in the handling of onBlur events where the code fails to validate the existence of an object before operating on it, enabling remote code execution when a user opens a malicious file or visits a malicious page. T...
CVE-2018-17625
CVE-2018-17625 affects Foxit Reader (Windows). The flaw is a use-after-free/memory misreference in handling the JavaScript setInterval() method where the code fails to verify object existence before operations, enabling remote code execution in the context of the current process. User interaction...
CVE-2018-17628
Foxit Reader (Windows) 9.2.0.9297 and earlier versions are affected by CVE-2018-17628. The flaw occurs in the XFA setInterval method due to not validating the existence of an object before performing operations, enabling remote code execution when a user opens a malicious file or visits a crafted...
CVE-2018-17647
CVE-2018-17647 affects Foxit Reader 9.2.0.9297 for Windows, where the boundItem method of a TimeField can be mishandled due to not validating the existence of an object, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file)....
CVE-2018-17663
Foxit Reader 9.2.0.9297 is affected by CVE-2018-17663 due to a memory misreference in the Host.importData path. The flaw stems from not validating the existence of an object before performing operations on it, allowing remote code execution when a user visits a malicious page or opens a malicious...
CVE-2018-17687
CVE-2018-17687 affects Foxit PhantomPDF (notably version 9.2.0.9297) and relates to the exportValues handling of a radio button. The flaw arises from not validating the existence of an object before performing operations, enabling remote code execution via a malicious page or file. Exploitation r...
CVE-2018-17696
Foxit Reader 9.2.0.9297 (and earlier) is affected by a dataObjects handling vulnerability that fails to validate object existence before operations, enabling remote code execution when a user opens a malicious file or visits a malicious page. The flaw allows code to run in the context of the curr...
CVE-2018-17781
Foxit PhantomPDF and Foxit Reader are affected: versions before 9.3 are vulnerable to an Uninitialized Object Information Disclosure caused by mishandling ArrayBuffer and DataView object creation. This allows remote attackers to obtain information without user interaction. No remediation details ...
CVE-2018-3995
CVE-2018-3995 affects Foxit PDF Reader (JS engine); a vulnerability in the JavaScript engine of Foxit PDF Reader 9.2.0.9297 allows a crafted PDF to trigger a previously freed object, enabling arbitrary code execution. The impact is contingent on successfully triggering the freed object reuse. Att...
CVE-2018-7406
CVE-2018-7406 affects Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1. The issue is in the PDF u3d image handling, due to insufficient validation of user-supplied data, causing an array-indexing issue that can lead to remote code execution. Exploitation requires user interaction (visiting...
CVE-2018-9952
The CVE-2018-9952 vulnerability affects Foxit Reader 9.0.1.1049 and is due to improper validation when handling XFA Button elements, specifically when setting the formattedValue attribute, allowing an attacker to execute code under the current process. Exploitation requires user interaction (visi...
CVE-2018-9965
Foxit Reader 9.0.1.1049 is affected by a Link.setAction vulnerability that allows remote code execution via crafted user interaction. The flaw arises from not validating an object’s existence before operations, enabling code execution in the current process. Exploitation details are associated wi...
CVE-2018-9977
The CVE-2018-9977 issue affects Foxit Reader 9.0.0.29935 and is caused by a parsing flaw in Modifier Chain objects within U3D files, where the software does not validate the existence of an object before performing operations. This leads to remote code execution with the attacker’s code running i...
CVE-2019-20826
The CVE-2019-20826 issue affects Foxit PhantomPDF for Mac (3.3) and Foxit Reader for Mac prior to 3.3. The root cause is a NULL pointer dereference in the affected code path. Public descriptions in the connected sources only confirm the existence and nature of the vulnerability; they do not provi...
CVE-2019-20827
CVE-2019-20827 affects Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3, with a stack-consumption issue arising from interaction between ICC-Based color space and Alternate color space. The NVD score indicates high severity (CVSS v3.1: 9.8, network exploit, no user interaction). No ex...
CVE-2019-20836
Foxit Reader and Foxit PhantomPDF prior to 9.5 are affected by a cloud credentials mishandling vulnerability. Multiple sources (including CNVD-2020-32457, RH/CVE-2019-20836, NVD, CNVD, and others) describe an issue where cloud credentials are mishandled, demonstrated via Google Drive, potentially...
CVE-2018-10489
Affected software: Foxit Reader 9.0.0.29935. Vulnerability: U3D Clod Progressive Mesh Declaration parsing flaw leading to an out-of-bounds write. Root cause: Lack of proper validation of user-supplied data in the U3D Mesh Declaration parsing, causing a write past the end of an allocated structure...
CVE-2018-10491
Foxit Reader 9.0.0.29935 is affected by CVE-2018-10491 due to an out-of-bounds write in the parsing of U3D Bone Weight Modifier structures, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The vulnerability context is ...
CVE-2018-14270
CVE-2018-14270 = Foxit Reader remote code execution via removeDataObject type confusion. Affected: Foxit Reader 9.0.1.1049 (and older) with the vulnerability triggered by JavaScript actions on a malicious page or file; requires user interaction. Root cause is a type confusion in removeDataObject ...
CVE-2018-14282
CVE-2018-14282 affects Foxit Reader prior to 9.2.0.9097. The vulnerability is a FlateDecode stream handling issue caused by an uninitialized pointer, enabling remote code execution under the current process when a user opens a malicious file or visits a malicious page. Exploitation requires user ...
CVE-2018-14313
CVE-2018-14313 affects Foxit Reader (pre-9.2.0.9097) with a type-confusion vulnerability in PDF handling that enables remote code execution. The issue requires user interaction (visit a malicious page or open a malicious file) and can allow code execution in the current process. Related advisorie...
CVE-2018-17633
CVE-2018-17633 affects Foxit Reader 9.2.0.9297 and earlier for Windows. The flaw is in the handling of the Annotation object's subject property, where the code fails to validate the existence of an object before operating on it, leading to a use-after-free condition and remote code execution. Exp...
CVE-2018-17671
CVE-2018-17671 affects Foxit Reader for Windows (9.2.0.9297 and earlier). The vulnerability arises from improper validation in the handling of the Lower method of an XFA object, allowing an out-of-bounds read that can disclose sensitive information and enable code execution in the affected proces...
CVE-2018-21243
Foxit PhantomPDF vulnerable prior to 8.3.6 due to COM object mishandling when Microsoft Word is used. The issue affects PhantomPDF
CVE-2018-3996
CVE-2018-3996 concerns Foxit PDF Reader’s JavaScript engine. The vulnerability is a use-after-free in version 9.2.0.9297 that can be triggered by a crafted PDF document, allowing arbitrary code execution by reusing a freed object. An attacker must entice the user to open the malicious file; if a ...
CVE-2018-9957
The CVE-2018-9957 issue affects Foxit Reader 9.0.1.1049. It stems from the handling of XFA Button elements: during parsing of arguments passed to the resetData method, the code does not properly validate the existence of an object before performing operations, enabling a remote attacker to execut...