Phantompdf Security Vulnerabilities and Issues — Phantompdf CVE List

Lucene search

FoxitsoftwarePhantompdf

55 matches found

CVE•added 2021/06/16 11:15 p.m.•197 views

CVE-2021-31476

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ha...

7.8CVSS8AI score0.00376EPSS

CVE•added 2021/05/07 9:15 p.m.•127 views

CVE-2021-31461

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the the ha...

7.8CVSS8.4AI score0.00261EPSS

CVE•added 2021/05/21 3:15 p.m.•80 views

CVE-2021-31473

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the browse...

7.8CVSS8.4AI score0.01606EPSS

CVE•added 2021/07/09 6:15 p.m.•73 views

CVE-2021-33792

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write via a crafted /Size key in the Trailer dictionary.

7.8CVSS7.5AI score0.00035EPSS

CVE•added 2021/07/09 6:15 p.m.•65 views

CVE-2021-33795

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorrect PDF document signatures because the certificate name, document owner, and signature author are mishandled.

5.5CVSS5.6AI score0.00023EPSS

CVE•added 2021/08/11 10:15 p.m.•64 views

CVE-2021-38574

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows SQL Injection via crafted data at the end of a string.

9.8CVSS9.7AI score0.00028EPSS

CVE•added 2021/01/07 6:15 p.m.•61 views

CVE-2018-18688

The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annot...

5.3CVSS5.8AI score0.00007EPSS

CVE•added 2021/02/12 12:15 a.m.•61 views

CVE-2020-27860

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the proces...

7.8CVSS8AI score0.04567EPSS

CVE•added 2021/08/11 10:15 p.m.•59 views

CVE-2021-38570

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink.

9.1CVSS9AI score0.0004EPSS

CVE•added 2021/08/11 10:15 p.m.•58 views

CVE-2021-38568

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows memory corruption during conversion of a PDF document to a different document format.

9.8CVSS9.5AI score0.00027EPSS

CVE•added 2021/08/11 10:15 p.m.•58 views

CVE-2021-38573

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because a CombineFiles pathname is not validated.

9.8CVSS9.3AI score0.00023EPSS

CVE•added 2021/01/07 6:15 p.m.•56 views

CVE-2018-20315

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race condition that can cause a stack-based buffer overflow or an out-of-bounds read.

8.1CVSS8.1AI score0.00026EPSS

CVE•added 2021/05/07 9:15 p.m.•56 views

CVE-2021-31456

7.8CVSS8.4AI score0.00411EPSS

CVE•added 2021/05/07 9:15 p.m.•56 views

CVE-2021-31458

7.8CVSS8.4AI score0.00411EPSS

CVE•added 2021/03/30 3:15 p.m.•55 views

CVE-2021-27270

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the pa...

7.8CVSS7.7AI score0.02959EPSS

CVE•added 2021/05/07 9:15 p.m.•54 views

CVE-2021-31450

7.8CVSS8.4AI score0.02166EPSS

CVE•added 2021/05/07 9:15 p.m.•53 views

CVE-2021-31452

7.8CVSS8.4AI score0.01606EPSS

CVE•added 2021/05/07 9:15 p.m.•53 views

CVE-2021-31460

7.8CVSS8.4AI score0.00411EPSS

CVE•added 2021/01/07 5:15 p.m.•52 views

CVE-2018-20311

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCPDFAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.

8.1CVSS8.1AI score0.00026EPSS

CVE•added 2021/05/07 9:15 p.m.•52 views

CVE-2021-31459

7.8CVSS8.4AI score0.00411EPSS

CVE•added 2021/05/07 9:15 p.m.•50 views

CVE-2021-31451

7.8CVSS8.4AI score0.02166EPSS

CVE•added 2021/03/30 3:15 p.m.•49 views

CVE-2021-27261

7.8CVSS7.8AI score0.04567EPSS

CVE•added 2021/05/07 9:15 p.m.•49 views

CVE-2021-31455

7.8CVSS8.4AI score0.02166EPSS

CVE•added 2021/03/30 3:15 p.m.•48 views

CVE-2021-27264

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...

4.3CVSS3.8AI score0.03774EPSS

CVE•added 2021/03/30 3:15 p.m.•48 views

CVE-2021-27269

7.8CVSS7.8AI score0.04567EPSS

CVE•added 2021/01/07 6:15 p.m.•47 views

CVE-2018-20313

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.

8.1CVSS8.1AI score0.00026EPSS

CVE•added 2021/05/07 9:15 p.m.•47 views

CVE-2021-31453

7.8CVSS8.4AI score0.02166EPSS

CVE•added 2021/08/11 10:15 p.m.•47 views

CVE-2021-38569

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects.

7.5CVSS7.5AI score0.00018EPSS

CVE•added 2021/08/11 10:15 p.m.•47 views

CVE-2021-38572

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because the extractPages pathname is not validated.

9.8CVSS9.3AI score0.00023EPSS

CVE•added 2021/01/07 5:15 p.m.•46 views

CVE-2018-20310

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.

8.1CVSS8.1AI score0.00026EPSS

CVE•added 2021/01/07 6:15 p.m.•46 views

CVE-2018-20316

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode.

8.1CVSS8.1AI score0.00026EPSS

CVE•added 2021/05/07 9:15 p.m.•46 views

CVE-2021-31441

7.8CVSS8.4AI score0.02166EPSS

CVE•added 2021/05/07 9:15 p.m.•46 views

CVE-2021-31454

7.8CVSS8.5AI score0.02166EPSS

CVE•added 2021/08/11 8:15 p.m.•46 views

CVE-2021-33793

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion.

9.8CVSS9.5AI score0.00027EPSS

CVE•added 2021/08/11 10:15 p.m.•46 views

CVE-2021-38571

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows DLL hijacking, aka CNVD-C-2021-68000 and CNVD-C-2021-68502.

7.8CVSS7.5AI score0.00032EPSS

CVE•added 2021/01/07 5:15 p.m.•45 views

CVE-2018-20312

8.1CVSS8.1AI score0.00026EPSS

CVE•added 2021/01/07 6:15 p.m.•45 views

CVE-2018-20314

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence race condition that can cause a stack-based buffer overflow or an out-of-bounds read.

8.1CVSS8.1AI score0.00026EPSS

CVE•added 2021/05/07 9:15 p.m.•45 views

CVE-2021-31457

7.8CVSS8.4AI score0.00411EPSS

CVE•added 2021/03/30 3:15 p.m.•44 views

CVE-2021-27271

7.8CVSS7.8AI score0.04545EPSS

CVE•added 2021/03/30 3:15 p.m.•42 views

CVE-2021-27262

4.3CVSS3.8AI score0.03774EPSS

CVE•added 2021/03/30 3:15 p.m.•42 views

CVE-2021-27265

4.3CVSS3.8AI score0.03774EPSS

CVE•added 2021/03/30 3:15 p.m.•41 views

CVE-2021-27267

7.8CVSS7.8AI score0.03065EPSS

CVE•added 2021/03/30 3:15 p.m.•41 views

CVE-2021-27268

7.8CVSS7.8AI score0.03065EPSS

CVE•added 2021/03/30 3:15 p.m.•39 views

CVE-2021-27266

4.3CVSS3.8AI score0.03774EPSS

CVE•added 2021/01/07 5:15 p.m.•38 views

CVE-2018-20309

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyGetAppEdition race condition that can cause a stack-based buffer overflow or an out-of-bounds read.

8.1CVSS8.1AI score0.00026EPSS

CVE•added 2021/05/07 9:15 p.m.•38 views

CVE-2021-31442

7.8CVSS7.8AI score0.01606EPSS

CVE•added 2021/08/11 8:15 p.m.•37 views

CVE-2021-33794

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction.

9.1CVSS8.7AI score0.00027EPSS

CVE•added 2021/03/30 3:15 p.m.•36 views

CVE-2021-27263

4.3CVSS3.8AI score0.07133EPSS

CVE•added 2021/05/07 9:15 p.m.•36 views

CVE-2021-31446

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

4.3CVSS3.4AI score0.02844EPSS

CVE•added 2021/05/07 9:15 p.m.•35 views

CVE-2021-31448

4.3CVSS3.4AI score0.02145EPSS

Total number of security vulnerabilities55