Lucene search
K

90 matches found

CVE
CVE
added 2021/08/11 9:14 p.m.59 views

CVE-2021-38571

CVE-2021-38571 affects Foxit Reader and Foxit PhantomPDF prior to 10.1.4, where a DLL hijacking issue allows an attacker-controlled DLL to be loaded locally. The root cause is a registration and loading path flaw that enables hijacking of the Dynamic Link Library, potentially impacting confidenti...

7.8CVSS7.5AI score0.00547EPSS
CVE
CVE
added 2019/01/03 11:0 p.m.58 views

CVE-2019-5006

CVE-2019-5006 affects Foxit Reader and PhantomPDF for Windows prior to 9.4; the issue is a NULL pointer dereference during PDF parsing. The NVD entry lists CVSSv3 base score 5.5 (MEDIUM) with LOCAL exploit, LOW attack complexity, user interaction required, and HIGH impact on availability. The ava...

5.5CVSS6AI score0.0095EPSS
CVE
CVE
added 2020/06/04 4:29 p.m.57 views

CVE-2018-21241

CVE-2018-21241 affects Foxit PhantomPDF before 8.3.6, where an untrusted search path allows a DLL to execute remote code. According to sources, the vulnerability is triggered in affected PhantomPDF versions prior to 8.3.6 and can lead to remote code execution on the system. The CVSS details indic...

7.8CVSS7.7AI score0.00792EPSS
CVE
CVE
added 2020/06/04 4:23 p.m.57 views

CVE-2018-21242

CVE-2018-21242 affects Foxit PhantomPDF prior to 8.3.6, allowing Remote Code Execution via GoToE or GoToR actions. The issue concerns the handling of GoTo actions that can trigger code execution, with impacted versions before 8.3.6. CVSS results in the connected data show a high impact (C/H/I/A =...

9.8CVSS9.5AI score0.02232EPSS
CVE
CVE
added 2020/06/04 3:47 p.m.57 views

CVE-2019-20818

CVE-2019-20818 affects Foxit Reader and PhantomPDF prior to version 9.7. The issue is a resource-management vulnerability where data is created for each page at the application level, leading to memory consumption. The supplied documents describe the affected products and the root cause but do no...

7.5CVSS7.5AI score0.0153EPSS
CVE
CVE
added 2020/06/04 4:59 p.m.57 views

CVE-2019-20824

CVE-2019-20824 affects Foxit PhantomPDF prior to 8.3.11. The issue is a NULL pointer dereference in Epub processing caused by FXSYS_wcslen. Impact is described as a crash; no exploitation details are provided in the sources. Patch upgrade to 8.3.11 is the stated remedy.

7.5CVSS7.4AI score0.01544EPSS
CVE
CVE
added 2020/06/04 4:54 p.m.57 views

CVE-2019-20828

CVE-2019-20828 affects Foxit Reader and PhantomPDF prior to version 9.6. The vulnerability is a buffer overflow caused by a looping correction that does not occur after JavaScript updates Field APs, leading to potential memory corruption. Multiple sources corroborate the issue across vendor advis...

7.5CVSS7.7AI score0.01522EPSS
CVE
CVE
added 2020/10/02 8:1 a.m.57 views

CVE-2020-26535

Foxit Reader and PhantomPDF (pre-10.1) contain CVE-2020-26535. The issue arises when TslAlloc tries to allocate thread-local storage and receives an unacceptable index, causing V8 to throw an exception that leads to write and read access violations. Affected products are Foxit Reader and PhantomP...

9.8CVSS8.7AI score0.01717EPSS
CVE
CVE
added 2020/10/02 8:1 a.m.56 views

CVE-2020-26539

Foxit Reader and PhantomPDF (before v10.1) contain a use-after-free condition triggered by a multiple interpretation error for /V in the Additional Action and Field dictionaries, enabling remote code execution or an information leak. The issue is documented in CVE-2020-26539 with CVSS scores indi...

9.8CVSS9.6AI score0.02232EPSS
CVE
CVE
added 2018/09/28 9:0 a.m.55 views

CVE-2018-17608

Foxit PhantomPDF and Foxit Reader prior to version 9.3 are affected by CVE-2018-17608, where mishandling of Annotation object properties can enable a remote attacker to execute arbitrary code or cause a denial of service (use-after-free). Impact is described as high/critical across CERT/NVD data:...

9.8CVSS9.3AI score0.03176EPSS
CVE
CVE
added 2018/09/28 9:0 a.m.55 views

CVE-2018-17610

Foxit PhantomPDF and Foxit Reader are affected by CVE-2018-17610, with the vulnerability exploitable in versions before 9.3. The issue arises from how properties of Annotation objects are mishandled, enabling remote attackers to execute arbitrary code or cause a denial of service (use-after-free)...

9.8CVSS9.3AI score0.03176EPSS
CVE
CVE
added 2020/06/04 4:32 p.m.55 views

CVE-2018-21238

CVE-2018-21238 affects Foxit PhantomPDF up to version 8.3.7, where a call involving ArrayBuffer(0xfffffffe) enables memory consumption. The connected documents confirm the vulnerability but do not provide concrete details on root cause, affected components beyond the product/version line, exploit...

7.5CVSS7.5AI score0.01044EPSS
CVE
CVE
added 2020/06/04 4:44 p.m.55 views

CVE-2019-20835

Foxit Reader and PhantomPDF prior to 9.5 are affected by a homograph mishandling issue. CVSSv3.1 base score 4.3 (NETWORK attack, USER INTERACTION required; I=LOW) per provided records. No explicit root cause, exploit details, or remediation are stated in the documents; no detailed impact beyond t...

4.3CVSS4.6AI score0.00969EPSS
CVE
CVE
added 2018/09/28 9:0 a.m.54 views

CVE-2018-17609

Foxit PhantomPDF and Foxit Reader prior to 9.3 are affected by CVE-2018-17609. The issue stems from mishandling properties of Annotation objects, enabling a use-after-free vulnerability that can lead to remote code execution or denial of service. Reported with CVSS v3.0 base score 9.8 (CRITICAL) ...

9.8CVSS9.3AI score0.03176EPSS
CVE
CVE
added 2020/06/04 4:58 p.m.54 views

CVE-2019-20826

The CVE-2019-20826 issue affects Foxit PhantomPDF for Mac (3.3) and Foxit Reader for Mac prior to 3.3. The root cause is a NULL pointer dereference in the affected code path. Public descriptions in the connected sources only confirm the existence and nature of the vulnerability; they do not provi...

7.5CVSS7.5AI score0.01544EPSS
CVE
CVE
added 2020/06/04 4:55 p.m.54 views

CVE-2019-20827

CVE-2019-20827 affects Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3, with a stack-consumption issue arising from interaction between ICC-Based color space and Alternate color space. The NVD score indicates high severity (CVSS v3.1: 9.8, network exploit, no user interaction). No ex...

9.8CVSS9.4AI score0.01717EPSS
CVE
CVE
added 2020/06/04 4:43 p.m.54 views

CVE-2019-20836

Foxit Reader and Foxit PhantomPDF prior to 9.5 are affected by a cloud credentials mishandling vulnerability. Multiple sources (including CNVD-2020-32457, RH/CVE-2019-20836, NVD, CNVD, and others) describe an issue where cloud credentials are mishandled, demonstrated via Google Drive, potentially...

7.5CVSS7.5AI score0.0157EPSS
CVE
CVE
added 2020/06/04 4:22 p.m.53 views

CVE-2018-21243

Foxit PhantomPDF vulnerable prior to 8.3.6 due to COM object mishandling when Microsoft Word is used. The issue affects PhantomPDF

6.5CVSS6.4AI score0.009EPSS
CVE
CVE
added 2020/06/04 2:48 p.m.53 views

CVE-2020-13807

The vulnerability CVE-2020-13807 affects Foxit Reader and PhantomPDF up to version 9.7.2, caused by circular-reference mishandling that can produce a loop. Documented details specify the affected products and the root cause as circular references, with an impact description indicating a loop, but...

7.5CVSS7.5AI score0.0153EPSS
CVE
CVE
added 2020/06/04 3:36 p.m.53 views

CVE-2020-13814

Foxit Reader and PhantomPDF are affected by CVE-2020-13814. Before version 9.7.1, a use-after-free can occur in a document that lacks a dictionary, leading to potential memory-related impact. The NVD/NVD-derived record indicates a high-severity issue with exploitation potential via network access...

9.8CVSS9.3AI score0.01717EPSS
CVE
CVE
added 2018/09/28 9:0 a.m.52 views

CVE-2018-17611

CVE-2018-17611 affects Foxit PhantomPDF and Foxit Reader prior to 9.3. The issue is a use-after-free related to mishandling properties of Annotation objects, with remote code execution or denial of service as described by NVD. The provided connected documents corroborate the affected products and...

9.8CVSS9.3AI score0.03176EPSS
CVE
CVE
added 2020/06/04 3:38 p.m.52 views

CVE-2019-20815

Foxit PhantomPDF prior to 8.3.12 has a vulnerability where stack consumption can occur via nested function calls during XML parsing, potentially leading to a crash. Affected product: Foxit PhantomPDF (before 8.3.12). Root cause: stack exhaustion in XML parsing, as described in CVE-2019-20815. Imp...

7.5CVSS7.5AI score0.0153EPSS
CVE
CVE
added 2019/01/03 11:0 p.m.52 views

CVE-2019-5005

CVE-2019-5005 affects Foxit Reader and PhantomPDF for Windows, prior to version 9.4. The vulnerability is a memory corruption issue where two bytes are written to the end of allocated memory without ensuring it won’t cause corruption, leading to a possible denial of service (application crash). T...

5.5CVSS5.9AI score0.01269EPSS
CVE
CVE
added 2020/06/04 3:37 p.m.52 views

CVE-2020-13815

CVE-2020-13815 affects Foxit Reader and PhantomPDF prior to version 9.7.1. The issue is a stack-consumption vulnerability caused by a loop over an indirect object reference in the affected PDF processing path. Impact, as described, is a memory/stack exhaustion scenario; no explicit exploitation d...

7.5CVSS7.4AI score0.0153EPSS
CVE
CVE
added 2020/10/02 8:1 a.m.52 views

CVE-2020-26536

Foxit Reader and PhantomPDF prior to 10.1 are affected by CVE-2020-26536 due to a NULL pointer dereference triggered by a crafted PDF document. The publicly documented impact is a crash (availability impact), with CVSS indicating a LOCAL exploit requiring user interaction (per NVIDIA/3.1 metrics)...

5.5CVSS5.4AI score0.00918EPSS
CVE
CVE
added 2020/06/04 4:49 p.m.51 views

CVE-2019-20833

Foxit PhantomPDF before version 8.3.10 contains a cloud credential mishandling vulnerability (CVE-2019-20833). The issue affects PhantomPDF and can allow access to documents on Google Drive due to improper handling of cloud credentials. The connected sources (Red Hat, CNVD, NVD, CVE listings) con...

7.5CVSS7.5AI score0.01488EPSS
CVE
CVE
added 2020/06/04 2:38 p.m.51 views

CVE-2020-13804

The CVE-2020-13804 issue affects Foxit Reader and PhantomPDF (pre-9.7.2). The vulnerability stems from the DocuSign plugin, allowing disclosure of a hardcoded username and password, resulting in a potential information disclosure impacting confidentiality (per the documented CVSS metrics). Affect...

9.8CVSS9AI score0.01608EPSS
CVE
CVE
added 2020/06/04 2:50 p.m.51 views

CVE-2020-13809

Foxit Reader and PhantomPDF prior to version 9.7.2 contain a resource management vulnerability where long strings in the content stream can cause resource exhaustion (DoS). Affected products are Foxit Reader and Foxit PhantomPDF. The underlying issue is triggered by overlong content stream string...

7.5CVSS7.5AI score0.0153EPSS
CVE
CVE
added 2021/08/11 7:28 p.m.50 views

CVE-2021-33794

CVE-2021-33794 affects Foxit Reader and PhantomPDF before 10.1.4. The issue arises from mishandling the Tab key during XFA form interactions, leading to information disclosure or an application crash. Reported across multiple sources (NVD, Red Hat, CVE catalogs, and regional bulletins) with impac...

9.1CVSS8.7AI score0.01105EPSS
CVE
CVE
added 2020/06/04 3:47 p.m.49 views

CVE-2019-20819

CVE-2019-20819 affects Foxit Reader and PhantomPDF versions before 9.7. The vulnerability arises from nested function calls during XML parsing, causing stack exhaustion and potentially crashing the application. Remediation: upgrade to Foxit Reader/PhantomPDF 9.7 or newer. Other sources reiterate ...

7.5CVSS7.5AI score0.0153EPSS
CVE
CVE
added 2020/06/04 2:40 p.m.49 views

CVE-2020-13805

The CVE-2020-13805 entry concerns Foxit Reader and PhantomPDF prior to 9.7.2 where the CAS login service does not limit login failures, enabling brute-force attack attempts. Concrete details across connected sources confirm the affected products (Foxit Reader/PhantomPDF) and the root cause (unlim...

9.8CVSS9.3AI score0.01512EPSS
CVE
CVE
added 2018/09/28 9:0 a.m.48 views

CVE-2018-17607

CVE-2018-17607 affects Foxit PhantomPDF and Foxit Reader prior to version 9.3. The vulnerability is a use-after-free caused by mishandling the properties of Annotation objects, affecting up to five distinct Annotation types. It enables remote code execution or denial of service when exploited. CV...

9.8CVSS9.3AI score0.03176EPSS
CVE
CVE
added 2020/06/04 3:48 p.m.48 views

CVE-2019-20820

CVE-2019-20820 affects Foxit Reader and Foxit PhantomPDF prior to version 9.7. The issue is a NULL pointer dereference during parsing of file data, which can lead to a crash/denial of service as described across multiple sources. Affected component: PDF file data parsing within Foxit’s reader/pdf...

7.5CVSS7.5AI score0.01544EPSS
CVE
CVE
added 2020/06/04 4:53 p.m.48 views

CVE-2019-20829

Foxit Reader and PhantomPDF are affected by CVE-2019-20829 due to a NULL pointer dereference in FXSYS_wcslen while processing EPUB files, impacting versions before 9.6. This can cause the application to crash. Remediation: upgrade to Foxit 9.6 or later (as indicated by multiple connected sources).

7.5CVSS7.4AI score0.01544EPSS
CVE
CVE
added 2020/06/04 2:53 p.m.48 views

CVE-2020-13808

CVE-2020-13808 affects Foxit Reader and PhantomPDF prior to 9.7.2. The issue enables resource consumption via crafted cross-reference stream data, described as a resource management vulnerability that can lead to denial of service. The public documents do not provide exploitation details or concr...

7.5CVSS7.5AI score0.0153EPSS
CVE
CVE
added 2020/10/02 8:2 a.m.48 views

CVE-2020-26534

CVE-2020-26534 affects Foxit Reader and PhantomPDF (pre-10.1). The issue is a use-after-free in an Opt object related to Field::ClearItems and Field::DeleteOptions during AcroForm JavaScript execution. Connected sources describe a resource management/use-after-free vulnerability that could crash ...

9.8CVSS9.4AI score0.02394EPSS
CVE
CVE
added 2020/06/04 3:44 p.m.46 views

CVE-2019-20817

Foxit Reader and PhantomPDF prior to v9.7 are affected by a NULL pointer dereference in the code paths described across multiple sources. The issue is triggered in the products Foxit Reader and Foxit PhantomPDF before version 9.7; upgrading to 9.7 or later is the stated mitigation. The connected ...

7.5CVSS7.5AI score0.01544EPSS
CVE
CVE
added 2020/06/04 2:47 p.m.46 views

CVE-2020-13806

CVE-2020-13806 affects Foxit Reader and PhantomPDF prior to version 9.7.2. The issue is a use-after-free caused by JavaScript execution after a deletion or close operation, leading to a potential denial of service. The public material specifies the vulnerable components as Foxit Reader/PhantomPDF...

7.5CVSS7.6AI score0.02131EPSS
CVE
CVE
added 2020/06/04 2:33 p.m.45 views

CVE-2020-13803

CVE-2020-13803 affects Foxit PhantomPDF Mac and Foxit Reader for Mac. The issue allows bypass of signature validation when processing specially crafted or non-standard-signed files, enabling a signature verification bypass on macOS. Reported across Foxit PhantomPDF Mac versions up to 3.4.x and Fo...

7.5CVSS7.5AI score0.00684EPSS
CVE
CVE
added 2020/06/04 2:55 p.m.43 views

CVE-2020-13810

The CVE-2020-13810 issue affects Foxit Reader and PhantomPDF prior to version 9.7.2. It allows a signature validation bypass when opening a modified file or a file with non-standard signatures, enabling bypass of signature checks. The root cause involves the signature verification process, though...

7.5CVSS7.5AI score0.01052EPSS
Total number of security vulnerabilities90