Lucene search
K
FoxitsoftwarePhantompdf

549 matches found

CVE
CVE
added 2018/05/17 3:0 p.m.53 views

CVE-2018-9957

The CVE-2018-9957 issue affects Foxit Reader 9.0.1.1049. It stems from the handling of XFA Button elements: during parsing of arguments passed to the resetData method, the code does not properly validate the existence of an object before performing operations, enabling a remote attacker to execut...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2019/03/19 7:56 p.m.53 views

CVE-2019-6731

Foxit PhantomPDF (and Foxit Reader/PhantomPDF family cited in related records) contains an HTML-to-PDF conversion flaw in which insufficient validation of user-supplied data can cause a read past the end of an allocated object, enabling remote code execution. The vulnerability requires user inter...

8.8CVSS8.7AI score0.03719EPSS
CVE
CVE
added 2020/06/04 2:48 p.m.53 views

CVE-2020-13807

The vulnerability CVE-2020-13807 affects Foxit Reader and PhantomPDF up to version 9.7.2, caused by circular-reference mishandling that can produce a loop. Documented details specify the affected products and the root cause as circular references, with an impact description indicating a loop, but...

7.5CVSS7.5AI score0.0153EPSS
CVE
CVE
added 2020/06/04 3:36 p.m.53 views

CVE-2020-13814

Foxit Reader and PhantomPDF are affected by CVE-2020-13814. Before version 9.7.1, a use-after-free can occur in a document that lacks a dictionary, leading to potential memory-related impact. The NVD/NVD-derived record indicates a high-severity issue with exploitation potential via network access...

9.8CVSS9.3AI score0.01717EPSS
CVE
CVE
added 2020/10/02 8:1 a.m.53 views

CVE-2020-26536

Foxit Reader and PhantomPDF prior to 10.1 are affected by CVE-2020-26536 due to a NULL pointer dereference triggered by a crafted PDF document. The publicly documented impact is a crash (availability impact), with CVSS indicating a LOCAL exploit requiring user interaction (per NVIDIA/3.1 metrics)...

5.5CVSS5.4AI score0.00918EPSS
CVE
CVE
added 2021/08/11 7:28 p.m.53 views

CVE-2021-33794

CVE-2021-33794 affects Foxit Reader and PhantomPDF before 10.1.4. The issue arises from mishandling the Tab key during XFA form interactions, leading to information disclosure or an application crash. Reported across multiple sources (NVD, Red Hat, CVE catalogs, and regional bulletins) with impac...

9.1CVSS8.7AI score0.01105EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.52 views

CVE-2018-10492

This CVE affects Foxit Reader 9.0.0.29935, with an out-of-bounds read vulnerability in the U3D Clod Progressive Mesh Continuation parsing that allows remote information disclosure. Exploitation requires user interaction (the target must open a malicious page or file). The issue stems from insuffi...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.52 views

CVE-2018-14241

CVE-2018-14241 affects Foxit Reader (9.0.1.1049) and is a type-confusion/remote code execution flaw in the addAnnot method. Exploitation requires user interaction (the target visits a malicious page or opens a malicious file); an attacker can trigger the type confusion via JavaScript to execute c...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.52 views

CVE-2018-14245

CVE-2018-14245 affects Foxit Reader (e.g., version 9.0.1.1049) and is caused by a type confusion in the closeDoc method. An attacker can trigger remote code execution by convincing a user to open a malicious page or file, with user interaction required. Documented advisories (ZDI-18-705 and relat...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.52 views

CVE-2018-14263

Foxit Reader (and Foxit PhantomPDF) are affected by a getVersionID type-confusion vulnerability that allows remote code execution when a user visits a malicious page or opens a malicious file. The flaw is triggered by JavaScript actions and runs with the current process context; exploitation requ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.52 views

CVE-2018-14274

CVE-2018-14274 affects Foxit Reader (notably 9.0.1.1049 in the NVD entry). The flaw is a type confusion in the scroll method that can be triggered via JavaScript actions, enabling remote code execution under the current process when a user visits a malicious page or opens a malicious file. Multip...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.52 views

CVE-2018-14301

Foxit Reader is affected by a Sound annotations use-after-free remote code execution vulnerability (CVE-2018-14301). Exploitation requires user interaction (visiting a malicious page or opening a crafted file) and can lead to arbitrary code execution in the context of the current process. The fla...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.52 views

CVE-2018-16295

Summary (CVE-2018-16295): A use-after-free in Foxit Reader/PhantomPDF JavaScript engine (versions before 9.3) can be triggered by a specially crafted PDF, leading to arbitrary code execution. The attacker must persuade the user to open the malicious PDF; if a browser plugin is enabled, visiting a...

7.8CVSS7.8AI score0.02663EPSS
CVE
CVE
added 2018/09/28 9:0 a.m.52 views

CVE-2018-17611

CVE-2018-17611 affects Foxit PhantomPDF and Foxit Reader prior to 9.3. The issue is a use-after-free related to mishandling properties of Annotation objects, with remote code execution or denial of service as described by NVD. The provided connected documents corroborate the affected products and...

9.8CVSS9.3AI score0.03176EPSS
CVE
CVE
added 2018/10/29 10:0 p.m.52 views

CVE-2018-17620

CVE-2018-17620 affects Foxit Reader 9.0.1.5096 on Windows. The vulnerability stems from flawed handling of Calculate events where the software fails to validate the existence of an object before performing operations, enabling remote code execution in the context of the current process. User inte...

8.8CVSS7.8AI score0.03814EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.52 views

CVE-2018-17626

Summary: Foxit Reader shows a text box handling flaw that can lead to remote code execution. The root cause is a use-after-free-like issue in the TextBox Validate event path where code does not verify that the target object exists before operating on it. This allows an attacker to run arbitrary c...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.52 views

CVE-2018-17640

The CVE-2018-17640 issue affects Foxit Reader 9.2.0.9297 and earlier, where a failure to validate the existence of an object before manipulating the Form count property leads to a use-after-free condition. This allows remote code execution if a user visits a malicious page or opens a malicious fi...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.52 views

CVE-2018-17651

Foxit Reader 9.2.0.9297 contains a use-after-free/invalid object access flaw in the TimeField getItemState handler, where code executes without validating the existence of the object. This can allow remote code execution when a user opens a malicious file or visits a crafted page, as described by...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.52 views

CVE-2018-17654

Foxit Reader on Windows (versions up to 9.2.0.9297) is affected by a vulnerability in the XFA Form Model insertInstance handling. The flaw is a use-after-free due to lack of validating object existence before operations, enabling remote code execution if a user opens a malicious file or visits a ...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.52 views

CVE-2018-17661

CVE-2018-17661 affects Foxit Reader 9.2.0.9297 and earlier on Windows. The flaw is in the handling of the messageBox method of the Host object, stemming from not validating the existence of an object before performing operations, enabling remote code execution. Exploitation requires user interact...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.52 views

CVE-2018-17668

CVE-2018-17668 affects Foxit Reader 9.2.0.9297 and earlier. The flaw is in the handling of the removeAttribute method of an XFA object, caused by not validating the existence of the object before performing operations. This can allow remote code execution in the context of the current process and...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.52 views

CVE-2018-17679

Foxit Reader 9.2.0.9297 and earlier versions are affected by CVE-2018-17679, a PDF parsing vulnerability that allows remote code execution via a use-after-free in document element handling. The flaw can be triggered when a user opens a malicious file or visits a malicious page, enabling code exec...

8.8CVSS7.8AI score0.04576EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.52 views

CVE-2018-17680

CVE-2018-17680 affects Foxit Reader 9.2.0.9297 (Windows). The vulnerability is in the handling of the style property of a Field object, due to missing validation before operations, leading to use-after-free and remote code execution. Exploitation requires user interaction (visiting a malicious pa...

8.8CVSS7.8AI score0.03855EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.52 views

CVE-2018-17695

CVE-2018-17695 affects Foxit PhantomPDF (notably version 9.2.0.9297 and earlier per CNVD) where a use-after-free/memory misreference in the TextField username handling allows remote code execution. The flaw arises from not validating object existence before operations, enabling an attacker to run...

8.8CVSS8.8AI score0.03855EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.52 views

CVE-2018-17704

Foxit Reader 9.2.0.9297 is affected by a textColor handling flaw in RadioButton objects that leads to remote code execution. The issue arises from not validating the existence of an object before performing operations, effectively a use-after-free/NULL dereference type bug. Exploitation requires ...

8.8CVSS7.8AI score0.03855EPSS
CVE
CVE
added 2018/05/24 9:0 p.m.52 views

CVE-2018-7407

CVE-2018-7407 affects Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1. The issue is a type confusion caused by insufficient validation while rendering U3D images in PDFs , allowing remote code execution. An attacker must entice the user to open a malicious page or file (user interaction r...

8.8CVSS8.7AI score0.04008EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.52 views

CVE-2018-9936

Foxit Reader 9.0.0.29935 is affected by a vulnerability in the parsing of XFA field elements that causes a type confusion condition. The issue allows remote code execution under the current process context and requires user interaction (visiting a malicious page or opening a malicious file). This...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.52 views

CVE-2018-9976

CVE-2018-9976 affects Foxit Reader 9.0.0.29935. The vulnerability is an out-of-bounds read during parsing of Texture objects in U3D files caused by insufficient validation of user-supplied data, leading to potential disclosure of sensitive information. It requires user interaction (visiting a mal...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2020/06/04 3:38 p.m.52 views

CVE-2019-20815

Foxit PhantomPDF prior to 8.3.12 has a vulnerability where stack consumption can occur via nested function calls during XML parsing, potentially leading to a crash. Affected product: Foxit PhantomPDF (before 8.3.12). Root cause: stack exhaustion in XML parsing, as described in CVE-2019-20815. Imp...

7.5CVSS7.5AI score0.0153EPSS
CVE
CVE
added 2019/01/03 11:0 p.m.52 views

CVE-2019-5005

CVE-2019-5005 affects Foxit Reader and PhantomPDF for Windows, prior to version 9.4. The vulnerability is a memory corruption issue where two bytes are written to the end of allocated memory without ensuring it won’t cause corruption, leading to a possible denial of service (application crash). T...

5.5CVSS5.9AI score0.01269EPSS
CVE
CVE
added 2020/06/04 3:37 p.m.52 views

CVE-2020-13815

CVE-2020-13815 affects Foxit Reader and PhantomPDF prior to version 9.7.1. The issue is a stack-consumption vulnerability caused by a loop over an indirect object reference in the affected PDF processing path. Impact, as described, is a memory/stack exhaustion scenario; no explicit exploitation d...

7.5CVSS7.4AI score0.0153EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.51 views

CVE-2018-10475

Foxit Reader 9.0.0.29935 is affected by an out-of-bounds read in the parsing of U3D Light Node structures. The flaw, caused by insufficient validation, can disclose sensitive information on the current system. Exploitation requires user interaction (visiting a malicious page or opening a maliciou...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.51 views

CVE-2018-10487

Foxit Reader 9.0.0.29935 is affected by CVE-2018-10487 due to an out-of-bounds read while parsing U3D files embedded in PDFs. The flaw stems from improper validation of user-supplied data, allowing a read past the end of an allocated object and resulting in information disclosure. Exploitation re...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.51 views

CVE-2018-10488

CVE-2018-10488 affects Foxit Reader 9.0.0.29935. The issue is a heap-based buffer overflow in parsing U3D Texture Width structures caused by insufficient validation of user-supplied data, allowing remote code execution when a user visits a malicious page or opens a malicious file. Exploitation re...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.51 views

CVE-2018-14269

The CVE-2018-14269 issue is a type confusion vulnerability in Foxit Reader’s print method that allows remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and JavaScript actions trigger the fault, executing code in the current proce...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.51 views

CVE-2018-14306

CVE-2018-14306 affects Foxit Reader (and Foxit PhantomPDF) prior to 9.2.0.9097. A use-after-free in the handling/processing of button objects (pointer reuse after free) can be triggered when a user visits a malicious page or opens a malicious file, allowing remote code execution under the process...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.51 views

CVE-2018-17638

CVE-2018-17638 affects Foxit Reader 9.2.0.9297 and earlier on Windows. The flaw is in the getAttribute handling where the code does not verify object existence before performing operations, enabling remote code execution in the context of the current process when a user opens a malicious file or ...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.51 views

CVE-2018-17693

This CVE concerns Foxit PhantomPDF 9.2.0.9297 and earlier on Windows, where the HTML to PDF conversion path can trigger an out-of-bounds read due to improper validation of user-supplied HTML data. The vulnerability allows remote code execution in the context of the current process and requires us...

8.8CVSS8.7AI score0.03855EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.51 views

CVE-2018-9935

Foxit Reader 8.3.2.25013 is affected by a remote code execution vulnerability in the addField method. The root cause is failing to validate the existence of an object before operating on it, leading to potential code execution under the current process context. Public sources (ZDI-18-319) describ...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.51 views

CVE-2018-9959

CVE-2018-9959 affects Foxit Reader 9.0.1.1049. The flaw is in parsing the pageNum document attribute, caused by failing to validate object existence before performing operations. This enables remote code execution with user interaction (target must open a malicious page or file), executing code i...

8.8CVSS8.8AI score0.02773EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.51 views

CVE-2018-9979

Foxit Reader 9.0.0.29935 is affected by a vulnerability in parsing Texture Continuation objects in U3D files that can disclose sensitive information. The root cause is improper validation of user-supplied data, leading to a read past the end of an allocated object. Exploitation requires user inte...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2020/06/04 4:49 p.m.51 views

CVE-2019-20833

Foxit PhantomPDF before version 8.3.10 contains a cloud credential mishandling vulnerability (CVE-2019-20833). The issue affects PhantomPDF and can allow access to documents on Google Drive due to improper handling of cloud credentials. The connected sources (Red Hat, CNVD, NVD, CVE listings) con...

7.5CVSS7.5AI score0.01488EPSS
CVE
CVE
added 2019/03/19 7:56 p.m.51 views

CVE-2019-6735

CVE-2019-6735 affects Foxit Reader. A vulnerability in PDF file processing causes an out-of-bounds read due to lack of proper validation of user-supplied data, potentially disclosing sensitive information. Exploitation requires user interaction (visiting a malicious page or opening a malicious fi...

6.5CVSS6.2AI score0.0429EPSS
CVE
CVE
added 2020/06/04 2:38 p.m.51 views

CVE-2020-13804

The CVE-2020-13804 issue affects Foxit Reader and PhantomPDF (pre-9.7.2). The vulnerability stems from the DocuSign plugin, allowing disclosure of a hardcoded username and password, resulting in a potential information disclosure impacting confidentiality (per the documented CVSS metrics). Affect...

9.8CVSS9AI score0.01608EPSS
CVE
CVE
added 2020/06/04 2:50 p.m.51 views

CVE-2020-13809

Foxit Reader and PhantomPDF prior to version 9.7.2 contain a resource management vulnerability where long strings in the content stream can cause resource exhaustion (DoS). Affected products are Foxit Reader and Foxit PhantomPDF. The underlying issue is triggered by overlong content stream string...

7.5CVSS7.5AI score0.0153EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.51 views

CVE-2021-31445

CVE-2021-31445 describes a buffer/read-out-of-bounds in Foxit Reader 10.1.1.37576 related to handling of U3D objects in PDFs. The flaw arises from insufficient validation of user-supplied data, enabling a read past the end of an allocated object. An attacker could leverage this, in conjunction wi...

4.3CVSS3.4AI score0.02023EPSS
CVE
CVE
added 2021/05/07 8:16 p.m.51 views

CVE-2021-31446

Foxit Reader 10.1.1.37576 is affected by CVE-2021-31446 due to an out-of-bounds read in the handling of U3D objects embedded in PDF files. The flaw arises from insufficient validation of data, enabling a read past the end of an allocated object. Exploitation requires user interaction (the target ...

4.3CVSS3.4AI score0.02682EPSS
CVE
CVE
added 2017/05/03 5:13 a.m.50 views

CVE-2017-8455

Foxit Reader and Foxit PhantomPDF (prior to 8.2.1) are affected by an out-of-bounds read triggered by a crafted font in a PDF, potentially revealing sensitive data or allowing arbitrary code execution. Impact is remote code execution or information disclosure in the context of the vulnerable proc...

7.8CVSS8.4AI score0.04079EPSS
CVE
CVE
added 2018/05/17 3:0 p.m.50 views

CVE-2018-10476

Foxit Reader 9.0.0.29935 is affected by an information-disclosure vulnerability in the U3D Model Node parsing. The issue stems from improper validation of user-supplied data, causing a read past the end of an allocated structure (out-of-bounds read). An attacker can leverage this by convincing a ...

6.5CVSS6.5AI score0.02536EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.50 views

CVE-2018-14244

Foxit Reader is affected by CVE-2018-14244 (also listed in ZDI as ZDI-18-704). The flaw is a type-confusion in the calculateNow method, exploitable via JavaScript actions that trigger the vulnerability and lead to remote code execution. Exploitation requires user interaction (visiting a malicious...

8.8CVSS8.8AI score0.02773EPSS
Total number of security vulnerabilities549