Phantompdf Security Vulnerabilities and Issues — Phantompdf CVE List

Lucene search

FoxitsoftwarePhantompdf

3 matches found

CVE•added 2020/09/04 4:15 a.m.•45 views

CVE-2020-11493

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.

8.1CVSS7.6AI score0.00075EPSS

CVE•added 2020/09/04 4:15 a.m.•45 views

CVE-2020-12247

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two parts. A crash may also occur.

7.1CVSS6.6AI score0.00129EPSS

CVE•added 2020/09/04 4:15 a.m.•42 views

CVE-2020-12248

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled.

8.8CVSS9AI score0.00527EPSS