549 matches found
CVE-2018-14245
CVE-2018-14245 affects Foxit Reader (e.g., version 9.0.1.1049) and is caused by a type confusion in the closeDoc method. An attacker can trigger remote code execution by convincing a user to open a malicious page or file, with user interaction required. Documented advisories (ZDI-18-705 and relat...
CVE-2018-9957
The CVE-2018-9957 issue affects Foxit Reader 9.0.1.1049. It stems from the handling of XFA Button elements: during parsing of arguments passed to the resetData method, the code does not properly validate the existence of an object before performing operations, enabling a remote attacker to execut...
CVE-2019-6731
Foxit PhantomPDF (and Foxit Reader/PhantomPDF family cited in related records) contains an HTML-to-PDF conversion flaw in which insufficient validation of user-supplied data can cause a read past the end of an allocated object, enabling remote code execution. The vulnerability requires user inter...
CVE-2020-13807
The vulnerability CVE-2020-13807 affects Foxit Reader and PhantomPDF up to version 9.7.2, caused by circular-reference mishandling that can produce a loop. Documented details specify the affected products and the root cause as circular references, with an impact description indicating a loop, but...
CVE-2020-13814
Foxit Reader and PhantomPDF are affected by CVE-2020-13814. Before version 9.7.1, a use-after-free can occur in a document that lacks a dictionary, leading to potential memory-related impact. The NVD/NVD-derived record indicates a high-severity issue with exploitation potential via network access...
CVE-2020-26536
Foxit Reader and PhantomPDF prior to 10.1 are affected by CVE-2020-26536 due to a NULL pointer dereference triggered by a crafted PDF document. The publicly documented impact is a crash (availability impact), with CVSS indicating a LOCAL exploit requiring user interaction (per NVIDIA/3.1 metrics)...
CVE-2021-33794
CVE-2021-33794 affects Foxit Reader and PhantomPDF before 10.1.4. The issue arises from mishandling the Tab key during XFA form interactions, leading to information disclosure or an application crash. Reported across multiple sources (NVD, Red Hat, CVE catalogs, and regional bulletins) with impac...
CVE-2018-10492
This CVE affects Foxit Reader 9.0.0.29935, with an out-of-bounds read vulnerability in the U3D Clod Progressive Mesh Continuation parsing that allows remote information disclosure. Exploitation requires user interaction (the target must open a malicious page or file). The issue stems from insuffi...
CVE-2018-14241
CVE-2018-14241 affects Foxit Reader (9.0.1.1049) and is a type-confusion/remote code execution flaw in the addAnnot method. Exploitation requires user interaction (the target visits a malicious page or opens a malicious file); an attacker can trigger the type confusion via JavaScript to execute c...
CVE-2018-14263
Foxit Reader (and Foxit PhantomPDF) are affected by a getVersionID type-confusion vulnerability that allows remote code execution when a user visits a malicious page or opens a malicious file. The flaw is triggered by JavaScript actions and runs with the current process context; exploitation requ...
CVE-2018-14274
CVE-2018-14274 affects Foxit Reader (notably 9.0.1.1049 in the NVD entry). The flaw is a type confusion in the scroll method that can be triggered via JavaScript actions, enabling remote code execution under the current process when a user visits a malicious page or opens a malicious file. Multip...
CVE-2018-14301
Foxit Reader is affected by a Sound annotations use-after-free remote code execution vulnerability (CVE-2018-14301). Exploitation requires user interaction (visiting a malicious page or opening a crafted file) and can lead to arbitrary code execution in the context of the current process. The fla...
CVE-2018-16295
Summary (CVE-2018-16295): A use-after-free in Foxit Reader/PhantomPDF JavaScript engine (versions before 9.3) can be triggered by a specially crafted PDF, leading to arbitrary code execution. The attacker must persuade the user to open the malicious PDF; if a browser plugin is enabled, visiting a...
CVE-2018-17611
CVE-2018-17611 affects Foxit PhantomPDF and Foxit Reader prior to 9.3. The issue is a use-after-free related to mishandling properties of Annotation objects, with remote code execution or denial of service as described by NVD. The provided connected documents corroborate the affected products and...
CVE-2018-17620
CVE-2018-17620 affects Foxit Reader 9.0.1.5096 on Windows. The vulnerability stems from flawed handling of Calculate events where the software fails to validate the existence of an object before performing operations, enabling remote code execution in the context of the current process. User inte...
CVE-2018-17626
Summary: Foxit Reader shows a text box handling flaw that can lead to remote code execution. The root cause is a use-after-free-like issue in the TextBox Validate event path where code does not verify that the target object exists before operating on it. This allows an attacker to run arbitrary c...
CVE-2018-17640
The CVE-2018-17640 issue affects Foxit Reader 9.2.0.9297 and earlier, where a failure to validate the existence of an object before manipulating the Form count property leads to a use-after-free condition. This allows remote code execution if a user visits a malicious page or opens a malicious fi...
CVE-2018-17651
Foxit Reader 9.2.0.9297 contains a use-after-free/invalid object access flaw in the TimeField getItemState handler, where code executes without validating the existence of the object. This can allow remote code execution when a user opens a malicious file or visits a crafted page, as described by...
CVE-2018-17654
Foxit Reader on Windows (versions up to 9.2.0.9297) is affected by a vulnerability in the XFA Form Model insertInstance handling. The flaw is a use-after-free due to lack of validating object existence before operations, enabling remote code execution if a user opens a malicious file or visits a ...
CVE-2018-17661
CVE-2018-17661 affects Foxit Reader 9.2.0.9297 and earlier on Windows. The flaw is in the handling of the messageBox method of the Host object, stemming from not validating the existence of an object before performing operations, enabling remote code execution. Exploitation requires user interact...
CVE-2018-17668
CVE-2018-17668 affects Foxit Reader 9.2.0.9297 and earlier. The flaw is in the handling of the removeAttribute method of an XFA object, caused by not validating the existence of the object before performing operations. This can allow remote code execution in the context of the current process and...
CVE-2018-17679
Foxit Reader 9.2.0.9297 and earlier versions are affected by CVE-2018-17679, a PDF parsing vulnerability that allows remote code execution via a use-after-free in document element handling. The flaw can be triggered when a user opens a malicious file or visits a malicious page, enabling code exec...
CVE-2018-17680
CVE-2018-17680 affects Foxit Reader 9.2.0.9297 (Windows). The vulnerability is in the handling of the style property of a Field object, due to missing validation before operations, leading to use-after-free and remote code execution. Exploitation requires user interaction (visiting a malicious pa...
CVE-2018-17695
CVE-2018-17695 affects Foxit PhantomPDF (notably version 9.2.0.9297 and earlier per CNVD) where a use-after-free/memory misreference in the TextField username handling allows remote code execution. The flaw arises from not validating object existence before operations, enabling an attacker to run...
CVE-2018-17704
Foxit Reader 9.2.0.9297 is affected by a textColor handling flaw in RadioButton objects that leads to remote code execution. The issue arises from not validating the existence of an object before performing operations, effectively a use-after-free/NULL dereference type bug. Exploitation requires ...
CVE-2018-7407
CVE-2018-7407 affects Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1. The issue is a type confusion caused by insufficient validation while rendering U3D images in PDFs , allowing remote code execution. An attacker must entice the user to open a malicious page or file (user interaction r...
CVE-2018-9936
Foxit Reader 9.0.0.29935 is affected by a vulnerability in the parsing of XFA field elements that causes a type confusion condition. The issue allows remote code execution under the current process context and requires user interaction (visiting a malicious page or opening a malicious file). This...
CVE-2018-9976
CVE-2018-9976 affects Foxit Reader 9.0.0.29935. The vulnerability is an out-of-bounds read during parsing of Texture objects in U3D files caused by insufficient validation of user-supplied data, leading to potential disclosure of sensitive information. It requires user interaction (visiting a mal...
CVE-2019-20815
Foxit PhantomPDF prior to 8.3.12 has a vulnerability where stack consumption can occur via nested function calls during XML parsing, potentially leading to a crash. Affected product: Foxit PhantomPDF (before 8.3.12). Root cause: stack exhaustion in XML parsing, as described in CVE-2019-20815. Imp...
CVE-2019-5005
CVE-2019-5005 affects Foxit Reader and PhantomPDF for Windows, prior to version 9.4. The vulnerability is a memory corruption issue where two bytes are written to the end of allocated memory without ensuring it won’t cause corruption, leading to a possible denial of service (application crash). T...
CVE-2020-13815
CVE-2020-13815 affects Foxit Reader and PhantomPDF prior to version 9.7.1. The issue is a stack-consumption vulnerability caused by a loop over an indirect object reference in the affected PDF processing path. Impact, as described, is a memory/stack exhaustion scenario; no explicit exploitation d...
CVE-2018-10475
Foxit Reader 9.0.0.29935 is affected by an out-of-bounds read in the parsing of U3D Light Node structures. The flaw, caused by insufficient validation, can disclose sensitive information on the current system. Exploitation requires user interaction (visiting a malicious page or opening a maliciou...
CVE-2018-10487
Foxit Reader 9.0.0.29935 is affected by CVE-2018-10487 due to an out-of-bounds read while parsing U3D files embedded in PDFs. The flaw stems from improper validation of user-supplied data, allowing a read past the end of an allocated object and resulting in information disclosure. Exploitation re...
CVE-2018-10488
CVE-2018-10488 affects Foxit Reader 9.0.0.29935. The issue is a heap-based buffer overflow in parsing U3D Texture Width structures caused by insufficient validation of user-supplied data, allowing remote code execution when a user visits a malicious page or opens a malicious file. Exploitation re...
CVE-2018-14269
The CVE-2018-14269 issue is a type confusion vulnerability in Foxit Reader’s print method that allows remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and JavaScript actions trigger the fault, executing code in the current proce...
CVE-2018-14306
CVE-2018-14306 affects Foxit Reader (and Foxit PhantomPDF) prior to 9.2.0.9097. A use-after-free in the handling/processing of button objects (pointer reuse after free) can be triggered when a user visits a malicious page or opens a malicious file, allowing remote code execution under the process...
CVE-2018-17638
CVE-2018-17638 affects Foxit Reader 9.2.0.9297 and earlier on Windows. The flaw is in the getAttribute handling where the code does not verify object existence before performing operations, enabling remote code execution in the context of the current process when a user opens a malicious file or ...
CVE-2018-17693
This CVE concerns Foxit PhantomPDF 9.2.0.9297 and earlier on Windows, where the HTML to PDF conversion path can trigger an out-of-bounds read due to improper validation of user-supplied HTML data. The vulnerability allows remote code execution in the context of the current process and requires us...
CVE-2018-9935
Foxit Reader 8.3.2.25013 is affected by a remote code execution vulnerability in the addField method. The root cause is failing to validate the existence of an object before operating on it, leading to potential code execution under the current process context. Public sources (ZDI-18-319) describ...
CVE-2018-9959
CVE-2018-9959 affects Foxit Reader 9.0.1.1049. The flaw is in parsing the pageNum document attribute, caused by failing to validate object existence before performing operations. This enables remote code execution with user interaction (target must open a malicious page or file), executing code i...
CVE-2018-9979
Foxit Reader 9.0.0.29935 is affected by a vulnerability in parsing Texture Continuation objects in U3D files that can disclose sensitive information. The root cause is improper validation of user-supplied data, leading to a read past the end of an allocated object. Exploitation requires user inte...
CVE-2019-20833
Foxit PhantomPDF before version 8.3.10 contains a cloud credential mishandling vulnerability (CVE-2019-20833). The issue affects PhantomPDF and can allow access to documents on Google Drive due to improper handling of cloud credentials. The connected sources (Red Hat, CNVD, NVD, CVE listings) con...
CVE-2019-6735
CVE-2019-6735 affects Foxit Reader. A vulnerability in PDF file processing causes an out-of-bounds read due to lack of proper validation of user-supplied data, potentially disclosing sensitive information. Exploitation requires user interaction (visiting a malicious page or opening a malicious fi...
CVE-2020-13804
The CVE-2020-13804 issue affects Foxit Reader and PhantomPDF (pre-9.7.2). The vulnerability stems from the DocuSign plugin, allowing disclosure of a hardcoded username and password, resulting in a potential information disclosure impacting confidentiality (per the documented CVSS metrics). Affect...
CVE-2020-13809
Foxit Reader and PhantomPDF prior to version 9.7.2 contain a resource management vulnerability where long strings in the content stream can cause resource exhaustion (DoS). Affected products are Foxit Reader and Foxit PhantomPDF. The underlying issue is triggered by overlong content stream string...
CVE-2021-31445
CVE-2021-31445 describes a buffer/read-out-of-bounds in Foxit Reader 10.1.1.37576 related to handling of U3D objects in PDFs. The flaw arises from insufficient validation of user-supplied data, enabling a read past the end of an allocated object. An attacker could leverage this, in conjunction wi...
CVE-2021-31446
Foxit Reader 10.1.1.37576 is affected by CVE-2021-31446 due to an out-of-bounds read in the handling of U3D objects embedded in PDF files. The flaw arises from insufficient validation of data, enabling a read past the end of an allocated object. Exploitation requires user interaction (the target ...
CVE-2017-8455
Foxit Reader and Foxit PhantomPDF (prior to 8.2.1) are affected by an out-of-bounds read triggered by a crafted font in a PDF, potentially revealing sensitive data or allowing arbitrary code execution. Impact is remote code execution or information disclosure in the context of the vulnerable proc...
CVE-2018-10476
Foxit Reader 9.0.0.29935 is affected by an information-disclosure vulnerability in the U3D Model Node parsing. The issue stems from improper validation of user-supplied data, causing a read past the end of an allocated structure (out-of-bounds read). An attacker can leverage this by convincing a ...
CVE-2018-14244
Foxit Reader is affected by CVE-2018-14244 (also listed in ZDI as ZDI-18-704). The flaw is a type-confusion in the calculateNow method, exploitable via JavaScript actions that trigger the vulnerability and lead to remote code execution. Exploitation requires user interaction (visiting a malicious...