90 matches found
CVE-2021-38571
CVE-2021-38571 affects Foxit Reader and Foxit PhantomPDF prior to 10.1.4, where a DLL hijacking issue allows an attacker-controlled DLL to be loaded locally. The root cause is a registration and loading path flaw that enables hijacking of the Dynamic Link Library, potentially impacting confidenti...
CVE-2019-5006
CVE-2019-5006 affects Foxit Reader and PhantomPDF for Windows prior to 9.4; the issue is a NULL pointer dereference during PDF parsing. The NVD entry lists CVSSv3 base score 5.5 (MEDIUM) with LOCAL exploit, LOW attack complexity, user interaction required, and HIGH impact on availability. The ava...
CVE-2018-21241
CVE-2018-21241 affects Foxit PhantomPDF before 8.3.6, where an untrusted search path allows a DLL to execute remote code. According to sources, the vulnerability is triggered in affected PhantomPDF versions prior to 8.3.6 and can lead to remote code execution on the system. The CVSS details indic...
CVE-2018-21242
CVE-2018-21242 affects Foxit PhantomPDF prior to 8.3.6, allowing Remote Code Execution via GoToE or GoToR actions. The issue concerns the handling of GoTo actions that can trigger code execution, with impacted versions before 8.3.6. CVSS results in the connected data show a high impact (C/H/I/A =...
CVE-2019-20818
CVE-2019-20818 affects Foxit Reader and PhantomPDF prior to version 9.7. The issue is a resource-management vulnerability where data is created for each page at the application level, leading to memory consumption. The supplied documents describe the affected products and the root cause but do no...
CVE-2019-20824
CVE-2019-20824 affects Foxit PhantomPDF prior to 8.3.11. The issue is a NULL pointer dereference in Epub processing caused by FXSYS_wcslen. Impact is described as a crash; no exploitation details are provided in the sources. Patch upgrade to 8.3.11 is the stated remedy.
CVE-2019-20828
CVE-2019-20828 affects Foxit Reader and PhantomPDF prior to version 9.6. The vulnerability is a buffer overflow caused by a looping correction that does not occur after JavaScript updates Field APs, leading to potential memory corruption. Multiple sources corroborate the issue across vendor advis...
CVE-2020-26535
Foxit Reader and PhantomPDF (pre-10.1) contain CVE-2020-26535. The issue arises when TslAlloc tries to allocate thread-local storage and receives an unacceptable index, causing V8 to throw an exception that leads to write and read access violations. Affected products are Foxit Reader and PhantomP...
CVE-2020-26539
Foxit Reader and PhantomPDF (before v10.1) contain a use-after-free condition triggered by a multiple interpretation error for /V in the Additional Action and Field dictionaries, enabling remote code execution or an information leak. The issue is documented in CVE-2020-26539 with CVSS scores indi...
CVE-2018-17608
Foxit PhantomPDF and Foxit Reader prior to version 9.3 are affected by CVE-2018-17608, where mishandling of Annotation object properties can enable a remote attacker to execute arbitrary code or cause a denial of service (use-after-free). Impact is described as high/critical across CERT/NVD data:...
CVE-2018-17610
Foxit PhantomPDF and Foxit Reader are affected by CVE-2018-17610, with the vulnerability exploitable in versions before 9.3. The issue arises from how properties of Annotation objects are mishandled, enabling remote attackers to execute arbitrary code or cause a denial of service (use-after-free)...
CVE-2018-21238
CVE-2018-21238 affects Foxit PhantomPDF up to version 8.3.7, where a call involving ArrayBuffer(0xfffffffe) enables memory consumption. The connected documents confirm the vulnerability but do not provide concrete details on root cause, affected components beyond the product/version line, exploit...
CVE-2019-20835
Foxit Reader and PhantomPDF prior to 9.5 are affected by a homograph mishandling issue. CVSSv3.1 base score 4.3 (NETWORK attack, USER INTERACTION required; I=LOW) per provided records. No explicit root cause, exploit details, or remediation are stated in the documents; no detailed impact beyond t...
CVE-2018-17609
Foxit PhantomPDF and Foxit Reader prior to 9.3 are affected by CVE-2018-17609. The issue stems from mishandling properties of Annotation objects, enabling a use-after-free vulnerability that can lead to remote code execution or denial of service. Reported with CVSS v3.0 base score 9.8 (CRITICAL) ...
CVE-2019-20826
The CVE-2019-20826 issue affects Foxit PhantomPDF for Mac (3.3) and Foxit Reader for Mac prior to 3.3. The root cause is a NULL pointer dereference in the affected code path. Public descriptions in the connected sources only confirm the existence and nature of the vulnerability; they do not provi...
CVE-2019-20827
CVE-2019-20827 affects Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3, with a stack-consumption issue arising from interaction between ICC-Based color space and Alternate color space. The NVD score indicates high severity (CVSS v3.1: 9.8, network exploit, no user interaction). No ex...
CVE-2019-20836
Foxit Reader and Foxit PhantomPDF prior to 9.5 are affected by a cloud credentials mishandling vulnerability. Multiple sources (including CNVD-2020-32457, RH/CVE-2019-20836, NVD, CNVD, and others) describe an issue where cloud credentials are mishandled, demonstrated via Google Drive, potentially...
CVE-2018-21243
Foxit PhantomPDF vulnerable prior to 8.3.6 due to COM object mishandling when Microsoft Word is used. The issue affects PhantomPDF
CVE-2020-13807
The vulnerability CVE-2020-13807 affects Foxit Reader and PhantomPDF up to version 9.7.2, caused by circular-reference mishandling that can produce a loop. Documented details specify the affected products and the root cause as circular references, with an impact description indicating a loop, but...
CVE-2020-13814
Foxit Reader and PhantomPDF are affected by CVE-2020-13814. Before version 9.7.1, a use-after-free can occur in a document that lacks a dictionary, leading to potential memory-related impact. The NVD/NVD-derived record indicates a high-severity issue with exploitation potential via network access...
CVE-2018-17611
CVE-2018-17611 affects Foxit PhantomPDF and Foxit Reader prior to 9.3. The issue is a use-after-free related to mishandling properties of Annotation objects, with remote code execution or denial of service as described by NVD. The provided connected documents corroborate the affected products and...
CVE-2019-20815
Foxit PhantomPDF prior to 8.3.12 has a vulnerability where stack consumption can occur via nested function calls during XML parsing, potentially leading to a crash. Affected product: Foxit PhantomPDF (before 8.3.12). Root cause: stack exhaustion in XML parsing, as described in CVE-2019-20815. Imp...
CVE-2019-5005
CVE-2019-5005 affects Foxit Reader and PhantomPDF for Windows, prior to version 9.4. The vulnerability is a memory corruption issue where two bytes are written to the end of allocated memory without ensuring it won’t cause corruption, leading to a possible denial of service (application crash). T...
CVE-2020-13815
CVE-2020-13815 affects Foxit Reader and PhantomPDF prior to version 9.7.1. The issue is a stack-consumption vulnerability caused by a loop over an indirect object reference in the affected PDF processing path. Impact, as described, is a memory/stack exhaustion scenario; no explicit exploitation d...
CVE-2020-26536
Foxit Reader and PhantomPDF prior to 10.1 are affected by CVE-2020-26536 due to a NULL pointer dereference triggered by a crafted PDF document. The publicly documented impact is a crash (availability impact), with CVSS indicating a LOCAL exploit requiring user interaction (per NVIDIA/3.1 metrics)...
CVE-2019-20833
Foxit PhantomPDF before version 8.3.10 contains a cloud credential mishandling vulnerability (CVE-2019-20833). The issue affects PhantomPDF and can allow access to documents on Google Drive due to improper handling of cloud credentials. The connected sources (Red Hat, CNVD, NVD, CVE listings) con...
CVE-2020-13804
The CVE-2020-13804 issue affects Foxit Reader and PhantomPDF (pre-9.7.2). The vulnerability stems from the DocuSign plugin, allowing disclosure of a hardcoded username and password, resulting in a potential information disclosure impacting confidentiality (per the documented CVSS metrics). Affect...
CVE-2020-13809
Foxit Reader and PhantomPDF prior to version 9.7.2 contain a resource management vulnerability where long strings in the content stream can cause resource exhaustion (DoS). Affected products are Foxit Reader and Foxit PhantomPDF. The underlying issue is triggered by overlong content stream string...
CVE-2021-33794
CVE-2021-33794 affects Foxit Reader and PhantomPDF before 10.1.4. The issue arises from mishandling the Tab key during XFA form interactions, leading to information disclosure or an application crash. Reported across multiple sources (NVD, Red Hat, CVE catalogs, and regional bulletins) with impac...
CVE-2019-20819
CVE-2019-20819 affects Foxit Reader and PhantomPDF versions before 9.7. The vulnerability arises from nested function calls during XML parsing, causing stack exhaustion and potentially crashing the application. Remediation: upgrade to Foxit Reader/PhantomPDF 9.7 or newer. Other sources reiterate ...
CVE-2020-13805
The CVE-2020-13805 entry concerns Foxit Reader and PhantomPDF prior to 9.7.2 where the CAS login service does not limit login failures, enabling brute-force attack attempts. Concrete details across connected sources confirm the affected products (Foxit Reader/PhantomPDF) and the root cause (unlim...
CVE-2018-17607
CVE-2018-17607 affects Foxit PhantomPDF and Foxit Reader prior to version 9.3. The vulnerability is a use-after-free caused by mishandling the properties of Annotation objects, affecting up to five distinct Annotation types. It enables remote code execution or denial of service when exploited. CV...
CVE-2019-20820
CVE-2019-20820 affects Foxit Reader and Foxit PhantomPDF prior to version 9.7. The issue is a NULL pointer dereference during parsing of file data, which can lead to a crash/denial of service as described across multiple sources. Affected component: PDF file data parsing within Foxit’s reader/pdf...
CVE-2019-20829
Foxit Reader and PhantomPDF are affected by CVE-2019-20829 due to a NULL pointer dereference in FXSYS_wcslen while processing EPUB files, impacting versions before 9.6. This can cause the application to crash. Remediation: upgrade to Foxit 9.6 or later (as indicated by multiple connected sources).
CVE-2020-13808
CVE-2020-13808 affects Foxit Reader and PhantomPDF prior to 9.7.2. The issue enables resource consumption via crafted cross-reference stream data, described as a resource management vulnerability that can lead to denial of service. The public documents do not provide exploitation details or concr...
CVE-2020-26534
CVE-2020-26534 affects Foxit Reader and PhantomPDF (pre-10.1). The issue is a use-after-free in an Opt object related to Field::ClearItems and Field::DeleteOptions during AcroForm JavaScript execution. Connected sources describe a resource management/use-after-free vulnerability that could crash ...
CVE-2019-20817
Foxit Reader and PhantomPDF prior to v9.7 are affected by a NULL pointer dereference in the code paths described across multiple sources. The issue is triggered in the products Foxit Reader and Foxit PhantomPDF before version 9.7; upgrading to 9.7 or later is the stated mitigation. The connected ...
CVE-2020-13806
CVE-2020-13806 affects Foxit Reader and PhantomPDF prior to version 9.7.2. The issue is a use-after-free caused by JavaScript execution after a deletion or close operation, leading to a potential denial of service. The public material specifies the vulnerable components as Foxit Reader/PhantomPDF...
CVE-2020-13803
CVE-2020-13803 affects Foxit PhantomPDF Mac and Foxit Reader for Mac. The issue allows bypass of signature validation when processing specially crafted or non-standard-signed files, enabling a signature verification bypass on macOS. Reported across Foxit PhantomPDF Mac versions up to 3.4.x and Fo...
CVE-2020-13810
The CVE-2020-13810 issue affects Foxit Reader and PhantomPDF prior to version 9.7.2. It allows a signature validation bypass when opening a modified file or a file with non-standard signatures, enabling bypass of signature checks. The root cause involves the signature verification process, though...