Phantompdf@* Security Vulnerabilities and Issues — Phantompdf@* CVE List

Lucene search

FoxitsoftwarePhantompdf*

538 matches found

CVE•added 2021/06/16 11:15 p.m.•197 views

CVE-2021-31476

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ha...

7.8CVSS8AI score0.00376EPSS

CVE•added 2019/10/25 7:15 p.m.•175 views

CVE-2019-17139

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the pro...

8.8CVSS8.8AI score0.01871EPSS

CVE•added 2019/10/04 6:15 p.m.•172 views

CVE-2019-13320

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the process...

7.8CVSS7.8AI score0.00606EPSS

CVE•added 2019/10/04 6:15 p.m.•165 views

CVE-2019-13319

7.8CVSS7.8AI score0.00606EPSS

CVE•added 2019/10/04 6:15 p.m.•162 views

CVE-2019-13318

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

5.5CVSS5.5AI score0.00911EPSS

CVE•added 2019/10/04 6:15 p.m.•159 views

CVE-2019-13316

This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the hand...

7.8CVSS7.8AI score0.0086EPSS

CVE•added 2019/10/04 6:15 p.m.•159 views

CVE-2019-13317

7.8CVSS7.8AI score0.0086EPSS

CVE•added 2019/10/04 6:15 p.m.•156 views

CVE-2019-6776

7.8CVSS7.6AI score0.00606EPSS

CVE•added 2019/10/04 6:15 p.m.•154 views

CVE-2019-6775

7.8CVSS7.8AI score0.00942EPSS

CVE•added 2019/10/04 6:15 p.m.•153 views

CVE-2019-6774

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the deleteI...

7.8CVSS7.8AI score0.00942EPSS

CVE•added 2019/10/04 6:15 p.m.•152 views

CVE-2019-13315

This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeFi...

7.8CVSS7.8AI score0.0086EPSS

CVE•added 2019/07/21 7:15 p.m.•148 views

CVE-2019-14213

An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the repeated release of the signature dictionary during CSG_SignatureF and CPDF_Document destruction.

7.5CVSS7.3AI score0.0006EPSS

CVE•added 2019/07/21 7:15 p.m.•134 views

CVE-2019-14207

An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling the clone function due to an endless loop resulting from confusing relationships between a child and parent object (caused by an append error).

7.5CVSS7.3AI score0.00049EPSS

CVE•added 2019/07/21 7:15 p.m.•133 views

CVE-2019-14208

An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a NULL pointer dereference and crash when getting a PDF object from a document, or parsing a certain portfolio that contains a null dictionary.

7.5CVSS7.8AI score0.00035EPSS

CVE•added 2019/07/21 7:15 p.m.•133 views

CVE-2019-14215

An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling xfa.event.rest XFA JavaScript due to accessing a wild pointer.

7.5CVSS7.3AI score0.00028EPSS

CVE•added 2019/07/21 7:15 p.m.•132 views

CVE-2019-14211

An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the lack of proper validation of the existence of an object prior to performing operations on that object when executing JavaScript.

7.5CVSS7.3AI score0.00021EPSS

CVE•added 2019/07/21 7:15 p.m.•130 views

CVE-2019-14210

An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Memory Corruption due to the use of an invalid pointer copy, resulting from a destructed string object.

7.5CVSS7.8AI score0.00028EPSS

CVE•added 2019/07/21 7:15 p.m.•130 views

CVE-2019-14212

An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling certain XFA JavaScript due to the use of, or access to, a NULL pointer without proper validation on the object.

7.5CVSS7.3AI score0.00047EPSS

CVE•added 2019/07/21 7:15 p.m.•130 views

CVE-2019-14214

An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a JavaScript Denial of Service when deleting pages in a document that contains only one page by calling a "t.hidden = true" function.

7.5CVSS7.8AI score0.00028EPSS

CVE•added 2019/07/21 7:15 p.m.•127 views

CVE-2019-14209

An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Heap Corruption due to data desynchrony when adding AcroForm.

9.8CVSS9.3AI score0.00036EPSS

CVE•added 2021/05/07 9:15 p.m.•127 views

CVE-2021-31461

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the the ha...

7.8CVSS8.4AI score0.00261EPSS

CVE•added 2020/02/14 6:15 p.m.•120 views

CVE-2020-8847

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the process...

7.8CVSS7.8AI score0.02412EPSS

CVE•added 2018/05/17 3:29 p.m.•112 views

CVE-2018-9958

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

8.8CVSS8.7AI score0.86753EPSS

CVE•added 2020/02/14 6:15 p.m.•112 views

CVE-2020-8857

7.8CVSS7.8AI score0.01231EPSS

CVE•added 2020/02/14 6:15 p.m.•110 views

CVE-2020-8845

This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the hand...

7.8CVSS7.8AI score0.1639EPSS

CVE•added 2020/02/14 6:15 p.m.•110 views

CVE-2020-8849

7.8CVSS7.8AI score0.02412EPSS

CVE•added 2020/02/14 6:15 p.m.•110 views

CVE-2020-8852

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

4.3CVSS3.3AI score0.20378EPSS

CVE•added 2020/02/14 6:15 p.m.•102 views

CVE-2020-8853

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the con...

7.8CVSS7.8AI score0.02412EPSS

CVE•added 2020/02/14 6:15 p.m.•101 views

CVE-2020-8850

7.8CVSS7.8AI score0.02412EPSS

CVE•added 2020/02/14 6:15 p.m.•101 views

CVE-2020-8851

7.8CVSS7.8AI score0.02412EPSS

CVE•added 2020/02/14 6:15 p.m.•101 views

CVE-2020-8856

This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25608. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the hand...

7.8CVSS7.8AI score0.1639EPSS

CVE•added 2020/02/14 6:15 p.m.•98 views

CVE-2020-8844

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...

7.8CVSS7.9AI score0.19285EPSS

CVE•added 2020/02/14 6:15 p.m.•91 views

CVE-2020-8848

7.8CVSS7.8AI score0.02412EPSS

CVE•added 2020/02/14 6:15 p.m.•89 views

CVE-2020-8855

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.2947. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the fxht...

7.8CVSS7.8AI score0.01933EPSS

CVE•added 2020/02/14 6:15 p.m.•87 views

CVE-2020-8854

7.8CVSS7.8AI score0.02412EPSS

CVE•added 2020/01/16 10:15 p.m.•86 views

CVE-2019-5131

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the...

8.8CVSS8.7AI score0.0742EPSS

CVE•added 2020/02/14 6:15 p.m.•85 views

CVE-2020-8846

7.8CVSS7.8AI score0.1639EPSS

CVE•added 2020/01/16 10:15 p.m.•84 views

CVE-2019-5130

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the ...

8.8CVSS8.7AI score0.03443EPSS

CVE•added 2020/01/16 10:15 p.m.•84 views

CVE-2019-5145

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the...

8.8CVSS8.7AI score0.0742EPSS

CVE•added 2020/12/31 9:15 p.m.•84 views

CVE-2020-35931

An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Sub...

7.8CVSS7.6AI score0.00087EPSS

CVE•added 2020/01/16 10:15 p.m.•81 views

CVE-2019-5126

8.8CVSS8.7AI score0.05295EPSS

CVE•added 2019/10/02 4:15 p.m.•80 views

CVE-2019-5031

An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn't handled properly, resulting in arbitrary code execution. An attacker needs to...

8.8CVSS8.8AI score0.01021EPSS

CVE•added 2021/05/21 3:15 p.m.•80 views

CVE-2021-31473

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the browse...

7.8CVSS8.4AI score0.01606EPSS

CVE•added 2020/04/22 9:15 p.m.•75 views

CVE-2020-10902

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the han...

7.8CVSS7.8AI score0.0284EPSS

CVE•added 2018/05/17 3:29 p.m.•73 views

CVE-2018-9948

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

6.5CVSS7.1AI score0.87518EPSS

CVE•added 2021/07/09 6:15 p.m.•73 views

CVE-2021-33792

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write via a crafted /Size key in the Trailer dictionary.

7.8CVSS7.5AI score0.00035EPSS

CVE•added 2020/04/22 9:15 p.m.•71 views

CVE-2020-10907

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

7.8CVSS7.8AI score0.03065EPSS

CVE•added 2018/10/08 4:29 p.m.•69 views

CVE-2018-3942

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user t...

8.8CVSS8.3AI score0.00268EPSS

CVE•added 2020/04/22 9:15 p.m.•69 views

CVE-2020-10901

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

4.3CVSS3.3AI score0.11393EPSS

CVE•added 2020/04/22 9:15 p.m.•68 views

CVE-2020-10893

7.8CVSS7.8AI score0.0284EPSS

Total number of security vulnerabilities538