Phantompdf Security Vulnerabilities and Issues — Phantompdf CVE List

Lucene search

FoxitsoftwarePhantompdf

41 matches found

CVE•added 2020/06/04 5:15 p.m.•59 views

CVE-2019-20825

An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an out-of-bounds write when Internet Explorer is used.

9.8CVSS9.4AI score0.00023EPSS

CVE•added 2020/06/04 4:15 p.m.•50 views

CVE-2019-20813

An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference.

7.5CVSS7.5AI score0.00021EPSS

CVE•added 2020/06/04 5:15 p.m.•48 views

CVE-2019-20823

An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.

7.5CVSS7.8AI score0.00019EPSS

CVE•added 2020/06/04 5:15 p.m.•48 views

CVE-2019-20837

An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures.

7.5CVSS7.5AI score0.00007EPSS

CVE•added 2020/06/04 5:15 p.m.•47 views

CVE-2018-21239

An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action.

5.3CVSS5.2AI score0.0001EPSS

CVE•added 2020/06/04 5:15 p.m.•47 views

CVE-2018-21241

An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an untrusted search path that allows a DLL to execute remote code.

7.8CVSS7.7AI score0.0002EPSS

CVE•added 2020/06/04 5:15 p.m.•47 views

CVE-2019-20832

An issue was discovered in Foxit PhantomPDF before 8.3.10. It has homograph mishandling.

4.3CVSS4.7AI score0.00031EPSS

CVE•added 2020/06/04 5:15 p.m.•46 views

CVE-2018-21237

An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action.

5.3CVSS5.3AI score0.0001EPSS

CVE•added 2020/06/04 4:15 p.m.•46 views

CVE-2019-20814

An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows memory consumption because data is created for each page of an application level.

7.5CVSS7.5AI score0.00021EPSS

CVE•added 2020/06/04 5:15 p.m.•45 views

CVE-2018-21240

An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call.

7.5CVSS7.5AI score0.00018EPSS

CVE•added 2020/06/04 5:15 p.m.•45 views

CVE-2018-21244

An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029.

9.8CVSS9.3AI score0.0005EPSS

CVE•added 2020/06/04 4:15 p.m.•45 views

CVE-2019-20816

An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference during the parsing of file data.

7.5CVSS7.5AI score0.00026EPSS

CVE•added 2020/06/04 5:15 p.m.•45 views

CVE-2019-20828

An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.

7.5CVSS7.7AI score0.00022EPSS

CVE•added 2020/06/04 5:15 p.m.•45 views

CVE-2019-20834

An issue was discovered in Foxit PhantomPDF before 8.3.10. It allows signature validation bypass via a modified file or a file with non-standard signatures.

7.5CVSS7.5AI score0.00007EPSS

CVE•added 2020/06/04 4:15 p.m.•44 views

CVE-2019-20818

An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level.

7.5CVSS7.5AI score0.00021EPSS

CVE•added 2020/06/04 5:15 p.m.•43 views

CVE-2018-21242

An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Remote Code Execution via a GoToE or GoToR action.

9.8CVSS9.5AI score0.03645EPSS

CVE•added 2020/06/04 4:15 p.m.•43 views

CVE-2019-20821

An issue was discovered in Foxit PhantomPDF Mac before 3.4. It has a NULL pointer dereference.

7.5CVSS7.5AI score0.00018EPSS

CVE•added 2020/06/04 5:15 p.m.•43 views

CVE-2019-20826

An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It has a NULL pointer dereference.

7.5CVSS7.5AI score0.00018EPSS

CVE•added 2020/06/04 5:15 p.m.•42 views

CVE-2019-20824

An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file.

7.5CVSS7.4AI score0.00018EPSS

CVE•added 2020/06/04 5:15 p.m.•41 views

CVE-2018-21238

An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows memory consumption via an ArrayBuffer(0xfffffffe) call.

7.5CVSS7.5AI score0.00018EPSS

CVE•added 2020/06/04 5:15 p.m.•41 views

CVE-2018-21243

An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM object mishandling when Microsoft Word is used.

6.5CVSS6.4AI score0.00038EPSS

CVE•added 2020/06/04 5:15 p.m.•40 views

CVE-2019-20830

An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used.

9.8CVSS9.5AI score0.00027EPSS

CVE•added 2020/06/04 5:15 p.m.•40 views

CVE-2019-20835

An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has homograph mishandling.

4.3CVSS4.6AI score0.00048EPSS

CVE•added 2020/06/04 5:15 p.m.•40 views

CVE-2019-20836

An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive.

7.5CVSS7.5AI score0.00015EPSS

CVE•added 2020/06/04 4:15 p.m.•39 views

CVE-2020-13814

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary.

9.8CVSS9.3AI score0.00027EPSS

CVE•added 2020/06/04 5:15 p.m.•38 views

CVE-2019-20827

An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It allows stack consumption because of interaction between ICC-Based color space and Alternate color space.

9.8CVSS9.4AI score0.00023EPSS

CVE•added 2020/06/04 5:15 p.m.•38 views

CVE-2019-20833

An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive.

7.5CVSS7.5AI score0.00013EPSS

CVE•added 2020/06/04 3:15 p.m.•38 views

CVE-2020-13809

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream.

7.5CVSS7.5AI score0.00021EPSS

CVE•added 2020/06/04 3:15 p.m.•37 views

CVE-2020-13807

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference mishandling that causes a loop.

7.5CVSS7.5AI score0.00021EPSS

CVE•added 2020/06/04 4:15 p.m.•37 views

CVE-2020-13815

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference.

7.5CVSS7.4AI score0.00018EPSS

CVE•added 2020/06/04 3:15 p.m.•36 views

CVE-2020-13805

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures.

9.8CVSS9.3AI score0.00015EPSS

CVE•added 2020/06/04 4:15 p.m.•35 views

CVE-2019-20815

An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing.

7.5CVSS7.5AI score0.00026EPSS

CVE•added 2020/06/04 4:15 p.m.•35 views

CVE-2019-20819

An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing.

7.5CVSS7.5AI score0.00026EPSS

CVE•added 2020/06/04 5:15 p.m.•35 views

CVE-2019-20829

An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file.

7.5CVSS7.4AI score0.00021EPSS

CVE•added 2020/06/04 3:15 p.m.•35 views

CVE-2020-13804

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin.

9.8CVSS9AI score0.00034EPSS

CVE•added 2020/06/04 4:15 p.m.•34 views

CVE-2019-20817

An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference.

7.5CVSS7.5AI score0.00021EPSS

CVE•added 2020/06/04 3:15 p.m.•34 views

CVE-2020-13806

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation.

7.5CVSS7.6AI score0.00052EPSS

CVE•added 2020/06/04 3:15 p.m.•34 views

CVE-2020-13808

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data.

7.5CVSS7.5AI score0.00021EPSS

CVE•added 2020/06/04 4:15 p.m.•33 views

CVE-2019-20820

An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference during the parsing of file data.

7.5CVSS7.5AI score0.00026EPSS

CVE•added 2020/06/04 3:15 p.m.•31 views

CVE-2020-13803

An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signature validation bypass via a modified file or a file with non-standard signatures.

7.5CVSS7.5AI score0.00007EPSS

CVE•added 2020/06/04 3:15 p.m.•30 views

CVE-2020-13810

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation bypass via a modified file or a file with non-standard signatures.

7.5CVSS7.5AI score0.00007EPSS