90 matches found

added 2019/07/21 6:18 p.m., 161 views

CVE-2019-14213

CVE-2019-14213 affects Foxit PhantomPDF before 8.3.11. The issue is a crash caused by repeated release of the signature dictionary during CSG_SignatureF and CPDF_Document destruction. Impact is a crash/DoS vector as described in multiple sources. Remediation: upgrade to version 8.3.11 or later wh...

CVSS 7.5, AI score 7.3, EPSS 0.02149

added 2019/07/21 6:17 p.m., 149 views

CVE-2019-14207

CVE-2019-14207 affects Foxit PhantomPDF prior to 8.3.11. The issue is a crash caused by an infinite loop in the clone function, arising from confused relationships between a child and parent object due to an append error. This results in a denial of service-like crash when cloning objects. The vu...

CVSS 7.5, AI score 7.3, EPSS 0.02169

added 2019/07/21 6:17 p.m., 149 views

CVE-2019-14211

CVE-2019-14211 affects Foxit PhantomPDF before 8.3.11. The issue is a crash caused by lack of proper validation for the existence of an object before performing operations on it during JavaScript execution. The impact stated is application crash (availability) with exploitation tied to JavaScript...

CVSS 7.5, AI score 7.3, EPSS 0.0166

added 2019/07/21 6:18 p.m., 147 views

CVE-2019-14215

The vulnerability CVE-2019-14215 affects Foxit PhantomPDF before 8.3.11, where calling xfa.event.rest in XFA JavaScript can crash the application due to accessing a wild pointer. Affected component: PhantomPDF’s XFA/JavaScript handling. Impact stated as crash (partial availability impact per CVSS...

CVSS 7.5, AI score 7.3, EPSS 0.01597

added 2019/07/21 6:17 p.m., 144 views

CVE-2019-14208

CVE-2019-14208 affects Foxit PhantomPDF prior to 8.3.10. The issue is a NULL pointer dereference that can crash the application when extracting a PDF object from a document or when parsing a portfolio containing a null dictionary. This vulnerability is documented across multiple sources (NVD/NVD-...

CVSS 7.5, AI score 7.8, EPSS 0.01644

added 2019/07/21 6:18 p.m., 144 views

CVE-2019-14212

CVE-2019-14212 affects Foxit PhantomPDF before 8.3.11. The issue is a NULL pointer dereference when executing certain XFA JavaScript, arising from inadequate validation of an object, which can cause the application to crash. Impact in the associated records is limited to crashes; exploitation det...

CVSS 7.5, AI score 7.3, EPSS 0.02233

added 2019/07/21 6:18 p.m., 143 views

CVE-2019-14214

Foxit PhantomPDF

CVSS 7.5, AI score 7.8, EPSS 0.01597

added 2019/07/21 6:17 p.m., 142 views

CVE-2019-14210

CVE-2019-14210 affects Foxit PhantomPDF before 8.3.10. The issue is a memory corruption vulnerability caused by an invalid pointer copy from a destructed string object, as described in multiple sources. Affected component is Foxit PhantomPDF (Windows), with the underlying cause being improper han...

CVSS 7.5, AI score 7.8, EPSS 0.01597

added 2019/07/21 6:17 p.m., 141 views

CVE-2019-14209

Foxit PhantomPDF before 8.3.10 is affected by CVE-2019-14209, which causes a Heap Corruption due to data desynchrony when adding AcroForm. The issue is described as a heap corruption vulnerability impacting the product, with CVSS v3.0 vector indicating network access, no user interaction, and hig...

CVSS 9.8, AI score 9.3, EPSS 0.01896

added 2020/12/31 8:14 p.m., 97 views

CVE-2020-35931

Foxit PDF products are affected by CVE-2020-35931: Foxit Reader before 10.1.1 and PhantomPDF before 9.7.5, and 10.x before 10.1.1 (also macOS 4.1.x) are vulnerable to an Evil Annotation Attack that can spoof certified PDFs by not handling a null Subtype in the Annotation dictionary during increme...

CVSS 7.8, AI score 7.6, EPSS 0.02294

added 2021/07/09 5:14 p.m., 85 views

CVE-2021-33792

CVE-2021-33792 affects Foxit Reader prior to 10.1.4 and Foxit PhantomPDF prior to 10.1.4. The root cause is an out-of-bounds write triggered by a crafted /Size key in the Trailer dictionary. Public references consistently describe a buffer/space issue leading to memory corruption in these PDF pro...

CVSS 7.8, AI score 7.5, EPSS 0.02107

added 2021/08/11 9:12 p.m., 80 views

CVE-2021-38574

CVE-2021-38574 affects Foxit Reader and Foxit PhantomPDF prior to 10.1.4. The issue is a SQL injection vulnerability triggered by crafted data at the end of a string in database-related processing. Affected components/locations are not further specified in the provided material. Impact is describ...

CVSS 9.8, AI score 9.7, EPSS 0.00994

added 2021/01/07 5:5 p.m., 79 views

CVE-2018-20315

CVE-2018-20315 affects Foxit Reader prior to 9.5 and Foxit PhantomPDF prior to 8.3.10 or 9.x prior to 9.5. A race condition in these products can lead to a stack-based buffer overflow or an out-of-bounds read. The available documents identify the vulnerable components and the underlying issue but...

CVSS 8.1, AI score 8.1, EPSS 0.00816

added 2021/07/09 5:13 p.m., 79 views

CVE-2021-33795

CVE-2021-33795 affects Foxit Reader before 10.1.4 and Foxit PhantomPDF before 10.1.4. The root cause is mishandling of the certificate name, document owner, and signature author in PDF signatures, resulting in incorrect document signatures. Reported impact indicates partial integrity impact with ...

CVSS 5.5, AI score 5.6, EPSS 0.00771

added 2021/08/11 9:14 p.m., 72 views

CVE-2021-38570

CVE-2021-38570 affects Foxit Reader and Foxit PhantomPDF versions prior to 10.1.4. The issue allows an attacker to delete arbitrary files during uninstallation by abusing a symlink, enabling file deletion on the user’s system. Exploitation details are not provided in the supplied documents. The v...

CVSS 9.1, AI score 9, EPSS 0.01166

added 2020/06/04 4:58 p.m., 71 views

CVE-2019-20825

CVE-2019-20825 affects Foxit PhantomPDF before 8.3.11, with an out-of-bounds write when Internet Explorer is used. The issue is detailed across multiple sources (NVD, Red Hat, CNVD, CVE listings) as a high-severity vulnerability (CVSSv3.1: 9.8, NETWORK, LOW attack complexity, NONE privileges, no ...

CVSS 9.8, AI score 9.4, EPSS 0.01149

added 2020/06/04 4:52 p.m., 71 views

CVE-2019-20830

Foxit Reader and Foxit PhantomPDF versions before 9.6 contain an out-of-bounds write when Internet Explorer is used (CVE-2019-20830). Connected sources confirm the affected products and the root cause, but do not provide explicit exploitation details, vectors, or remediation steps. No additional ...

CVSS 9.8, AI score 9.5, EPSS 0.01717

added 2021/08/11 9:14 p.m., 71 views

CVE-2021-38568

CVE-2021-38568 affects Foxit Reader and Foxit PhantomPDF prior to 10.1.4. The issue is memory corruption during the conversion of a PDF document to another format. Public sources consistently describe the vulnerability but do not provide explicit exploitation details or fixes beyond noting the af...

CVSS 9.8, AI score 9.5, EPSS 0.01087

added 2021/08/11 9:12 p.m., 71 views

CVE-2021-38573

Foxit Reader and Foxit PhantomPDF are affected by CVE-2021-38573. The vulnerability arises from not validating the CombineFiles pathname, enabling arbitrary file writes via this component/file handling; affected product versions are prior to 10.1.4. The issue is described across multiple sources ...

CVSS 9.8, AI score 9.3, EPSS 0.01117

added 2018/04/23 7:0 p.m., 70 views

CVE-2018-10302

CVE-2018-10302 describes a use-after-free vulnerability in Foxit Reader before 9.1 and PhantomPDF before 9.1 that can allow remote attackers to execute arbitrary code. The issue is cited as the iDefense ID V-jyb51g3mv9. Connected sources confirm the affected products (Foxit Reader/PhantomPDF) and...

CVSS 7.8, AI score 8.4, EPSS 0.03247

added 2018/04/24 8:0 p.m., 69 views

CVE-2017-17557

CVE-2017-17557: Foxit Reader < 9.1 and Foxit PhantomPDF

CVSS 8.8, AI score 8.7, EPSS 0.0369

added 2021/01/07 4:58 p.m., 67 views

CVE-2018-20311

CVE-2018-20311 affects Foxit Reader before 9.5 and Foxit PhantomPDF before 8.3.10 and 9.x before 9.5. The issue is a proxyCPDFAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. The description does not specify affected versions beyond those ranges or expl...

CVSS 8.1, AI score 8.1, EPSS 0.00816

added 2018/04/23 11:0 p.m., 64 views

CVE-2018-10303

Foxit Reader and Foxit PhantomPDF before 9.1 are affected by a use-after-free vulnerability in Foxit’s PDF software that can allow remote code execution. The CVE-2018-10303 description ties to iDefense ID V-y0nqfutlf3. The connected documents do not provide exploitation details or a confirmed pat...

CVSS 8.8, AI score 8.8, EPSS 0.02583

added 2018/07/20 12:0 p.m., 64 views

CVE-2018-14442

Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free vulnerability that leads to Remote Code Execution. The connected documents consistently identify a memory misreference/UAF as the root cause and confirm impact as RCE. No exploit details or in-the-wild status are provided. Re...

CVSS 9.8, AI score 9.5, EPSS 0.04739

added 2021/01/07 5:3 p.m., 64 views

CVE-2018-20313

Foxit Reader before 9.5 and PhantomPDF before 8.3.10 and 9.x before 9.5 are affected by a race condition in proxyPreviewAction that can cause a stack-based buffer overflow or an out-of-bounds read. The vulnerability is due to improper synchronization in the proxy action handling, enabling memory ...

CVSS 8.1, AI score 8.1, EPSS 0.00816

added 2021/08/11 7:34 p.m., 64 views

CVE-2021-33793

The CVE-2021-33793 issue affects Foxit Reader before 10.1.4 and Foxit PhantomPDF before 10.1.4. It is an out-of-bounds write caused by mishandling of the Cross-Reference table during Office document conversion. Impact details are not elaborated beyond the out-of-bounds write; no exploitation spec...

CVSS 9.8, AI score 9.5, EPSS 0.01087

added 2021/08/11 9:14 p.m., 64 views

CVE-2021-38569

Foxit Reader and Foxit PhantomPDF are affected by a vulnerability fixed in 10.1.4 or later. The issue allows stack consumption via recursive function calls during handling of XFA forms or linked objects, which could lead to a denial of service. Affected products are Foxit Reader and Foxit Phantom...

CVSS 7.5, AI score 7.5, EPSS 0.00961

added 2020/10/02 8:0 a.m., 63 views

CVE-2020-26540

Foxit Reader and Foxit PhantomPDF for macOS are affected by a code injection/information disclosure vulnerability in versions prior to 4.1. The root cause is that the Hardened Runtime protection is not applied to code signing, which can allow an attacker to inject code or leak information due to ...

CVSS 7.5, AI score 7.6, EPSS 0.00658

added 2020/06/04 4:30 p.m., 62 views

CVE-2018-21240

CVE-2018-21240 affects Foxit Reader and PhantomPDF prior to version 9.2. The issue is a memory consumption flaw triggered by an ArrayBuffer(0xfffffffe) call in these products. Root cause is a memory handling vulnerability leading to resource exhaustion. Impact is partial availability degradation ...

CVSS 7.5, AI score 7.5, EPSS 0.01044

added 2020/06/04 5:0 p.m., 62 views

CVE-2019-20823

Foxit PhantomPDF prior to 8.3.11 is affected by a buffer overflow due to a looping correction not occurring after JavaScript updates Field APs. The issue is described across multiple sources (NVD, Red Hat, CNVD, PRION, etc.) with the same root cause in Foxit PhantomPDF’s handling of Field AP upda...

CVSS 7.5, AI score 7.8, EPSS 0.01522

added 2021/01/07 4:54 p.m., 61 views

CVE-2018-20309

CVE-2018-20309 affects Foxit Reader prior to 9.5 and PhantomPDF prior to 8.3.10, plus 9.x builds prior to 9.5. The issue is a race condition in the proxyGetAppEdition path that can cause a stack-based buffer overflow or an out-of-bounds read. Impact is described in the CVE as memory corruption wi...

CVSS 8.1, AI score 8.1, EPSS 0.00816

added 2020/06/04 3:38 p.m., 61 views

CVE-2019-20814

CVE-2019-20814 affects Foxit PhantomPDF before 8.3.12. The issue is a memory-allocation problem where data is created for each page at the application level, leading to memory consumption that can impact stability. The Red Hat/CNVD/CVE records corroborate the same root cause. No exploitation deta...

CVSS 7.5, AI score 7.5, EPSS 0.0153

added 2020/06/04 4:50 p.m., 61 views

CVE-2019-20832

Foxit PhantomPDF is affected by CVE-2019-20832 due to homograph mishandling in versions before 8.3.10 (improper handling of homonyms). The issue is documented across multiple sources (including CNVD, Red Hat, NVD) with the same description; exploitation details and a confirmed patch/fix are not p...

CVSS 4.3, AI score 4.7, EPSS 0.00969

added 2020/12/15 12:53 p.m., 61 views

CVE-2020-28203

CVE-2020-28203 affects Foxit Reader and PhantomPDF up to 10.1.0.37527, where opening a crafted PDF can trigger a null pointer dereference, causing the application to crash (denial of service). This is supported by multiple sources in the connected documents, including the NVD entry and vendor dis...

CVSS 5.5, AI score 6, EPSS 0.01868

added 2021/01/07 4:56 p.m., 60 views

CVE-2018-20310

The connected CNVD-2021-04398 describes a vulnerability affecting Foxit Reader and Foxit PhantomPDF where a race condition can lead to a stack buffer overflow or an out-of-bounds read. The CVE-2018-20310 entry itself identifies Foxit Reader before 9.5 and PhantomPDF before 8.3.10 and 9.x before 9...

CVSS 8.1, AI score 8.1, EPSS 0.00863

added 2021/01/07 5:1 p.m., 60 views

CVE-2018-20312

Affected software: Foxit Reader before 9.5; PhantomPDF before 8.3.10 and 9.x before 9.5. Root cause: a proxyDoAction race condition. Consequence: could cause a stack-based buffer overflow OR an out-of-bounds read. No remediation or exploitation status provided in the supplied documents.

CVSS 8.1, AI score 8.1, EPSS 0.00816

added 2021/01/07 5:4 p.m., 60 views

CVE-2018-20314

CVE-2018-20314 affects Foxit Reader before 9.5 and PhantomPDF before 8.3.10 (and 9.x before 9.5). The underlying issue is a proxyCheckLicence race condition that can lead to a stack-based buffer overflow or an out-of-bounds read. Impacted products include Foxit Reader/PhantomPDF, with potential f...

CVSS 8.1, AI score 8.1, EPSS 0.0084

added 2021/01/07 5:7 p.m., 60 views

CVE-2018-20316

CVE-2018-20316 concerns Foxit Reader prior to 9.5 and PhantomPDF prior to 8.3.10 and 9.x prior to 9.5, where a proxyDoAction race condition can lead to a stack-based buffer overflow or an out-of-bounds read. This race condition is the underlying issue differentiating it from CVE-2018-20310 (diffe...

CVSS 8.1, AI score 8.1, EPSS 0.00816

added 2020/06/04 4:33 p.m., 60 views

CVE-2018-21237

CVE-2018-21237 affects Foxit PhantomPDF prior to 8.3.7. The vulnerability enables NTLM credential theft via GoToE or GoToR actions in the affected PDF reader. The available connected records corroborate the issue and its attribution to Foxit PhantomPDF versions before 8.3.7, with multiple sources...

CVSS 5.3, AI score 5.3, EPSS 0.00817

added 2020/06/04 3:37 p.m., 60 views

CVE-2019-20813

Foxit PhantomPDF prior to 8.3.12 is affected by CVE-2019-20813, a NULL pointer dereference issue. Affects Foxit PhantomPDF (versions before 8.3.12). The issue is described as a null pointer dereference; CVSS metrics in the source indicate a Network attack vector with no authentication, low attack...

CVSS 7.5, AI score 7.5, EPSS 0.01544

added 2020/10/02 8:1 a.m., 60 views

CVE-2020-26537

CVE-2020-26537 affects Foxit Reader and PhantomPDF prior to version 10.1. The issue occurs in a shading calculation where the number of outputs does not match the color components in a color space, causing an out-of-bounds write. The connected sources confirm the affected product and the underlyi...

CVSS 9.8, AI score 9.2, EPSS 0.01135

added 2021/08/11 9:13 p.m., 60 views

CVE-2021-38572

CVE-2021-38572 affects Foxit Reader and Foxit PhantomPDF prior to 10.1.4, where the extractPages pathname is not validated, allowing an attacker to write to arbitrary files. The connected documents confirm the affected products and the root cause (unvalidated extractPages pathname). No exploitati...

CVSS 9.8, AI score 9.3, EPSS 0.01117

added 2020/06/04 4:31 p.m., 59 views

CVE-2018-21239

CVE-2018-21239 affects Foxit Reader and PhantomPDF before 9.2. The issue enables NTLM credential theft via a GoToE or GoToR action in PDFs. Root cause is information leakage via GoTo actions, leading to partial confidentiality impact per CVSS (2.0: 5.0, 3.1: 5.3). Affected products are Foxit Read...

CVSS 5.3, AI score 5.2, EPSS 0.00817

added 2020/06/04 3:40 p.m., 59 views

CVE-2019-20816

CVE-2019-20816: Foxit PhantomPDF before 8.3.12 contains a NULL pointer dereference during parsing of file data, impacting users of that product. The issue is documented across multiple feeds (NVD/NB Red Hat/EUVD/CNVD lists) with the same root cause. Affected software is Foxit PhantomPDF; vulnera...

CVSS 7.5, AI score 7.5, EPSS 0.01544

added 2020/06/04 4:43 p.m., 59 views

CVE-2019-20837

CVE-2019-20837 affects Foxit Reader and PhantomPDF, prior to version 9.5. The issue allows signature validation bypass when a file is modified or uses non-standard signatures, enabling bypass of digital signature checks. The provided documents do not specify an exploit method or in-the-wild activ...

CVSS 7.5, AI score 7.5, EPSS 0.01004

added 2020/06/04 3:48 p.m., 58 views

CVE-2019-20821

CVE-2019-20821 affects Foxit PhantomPDF Mac before 3.4. The vulnerability is a NULL pointer dereference in PhantomPDF Mac, as described in multiple sources (NVD, Red Hat, CNVD, Prion, CVE list). CVSS data from NVD indicates network attack vector with low complexity and no authentication required ...

CVSS 7.5, AI score 7.5, EPSS 0.01544

added 2020/06/04 4:47 p.m., 58 views

CVE-2019-20834

The CVE-2019-20834 entry concerns Foxit PhantomPDF before 8.3.10, where a vulnerability allows a signature verification bypass when processing a modified file or a file with non-standard signatures. The Red Hat and CNVD records confirm the same issue affecting Foxit PhantomPDF; no exploitation de...

CVSS 7.5, AI score 7.5, EPSS 0.01004

added 2019/01/03 11:0 p.m., 58 views

CVE-2019-5007

CVE-2019-5007 affects Foxit Reader and PhantomPDF for Windows prior to 9.4. It is a NULL pointer dereference during TIFF parsing that causes an out-of-bounds read, leading to information disclosure and a crash. The description in multiple sources confirms the vulnerability lies in TIFF data handl...

CVSS 7.1, AI score 6.6, EPSS 0.01552

added 2020/10/02 8:1 a.m., 58 views

CVE-2020-26538

CVE-2020-26538 affects Foxit Reader and PhantomPDF prior to 10.1. The issue allows arbitrary code execution via a Trojan horse taskkill.exe placed in the current working directory, indicating a local-execution path likely dependent on the processing of external/tampered files. The vulnerability ...

CVSS 7.8, AI score 7.8, EPSS 0.00481

added 2020/06/04 4:23 p.m., 57 views

CVE-2018-21242

CVE-2018-21242 affects Foxit PhantomPDF prior to 8.3.6, allowing Remote Code Execution via GoToE or GoToR actions. The issue concerns the handling of GoTo actions that can trigger code execution, with impacted versions before 8.3.6. CVSS results in the connected data show a high impact (C/H/I/A =...

CVSS 9.8, AI score 9.5, EPSS 0.02232

Total number of security vulnerabilities: 90