CVE-2019-17183
CVE-2019-17183 affects Foxit Reader prior to 9.7, enabling an access violation and crash when the system has insufficient memory. Public sources in the connected set confirm affected product/version and the crash behavior; remediation is to update to Foxit Reader 9.7 or newer. The connected docum...
CVE-2019-13320
Foxit Reader 9.5.0.20723 is affected by a vulnerability in AcroForms where the code fails to verify object existence before operations, enabling remote code execution via malicious page/file with user interaction. Multiple connected sources (ZDI-19-637, CNVD-2019-22460, RH-CVE-2019-13320, NVD/NVD...
CVE-2019-13319
Foxit Reader 9.5.0.20723 (and earlier) is affected by CVE-2019-13319 due to an XFA form processing flaw where the code fails to validate object existence before operations, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious fil...
CVE-2019-13318
CVE-2019-13318 affects Foxit Reader 9.5.0.20723. The issue stems from the processing of the util.printf JavaScript method: the application mishandles the %p format parameter, allowing disclosure of heap addresses to the script. This information disclosure can be leveraged in conjunction with othe...
CVE-2019-13316
Foxit PhantomPDF 9.5.0.20723 is affected by CVE-2019-13316. The flaw lies in the handling of Calculate actions where the code fails to validate the existence of an object before performing operations, enabling remote code execution in the context of the current process. Exploitation requires user...
CVE-2019-13317
The CVE-2019-13317 entry concerns Foxit PhantomPDF. It affects PhantomPDF 9.5.0.20723 and earlier, with the root cause in the handling of Calculate actions: the code performs operations on an object without first validating its existence. This leads to remote code execution in the context of the curren...
CVE-2019-6776
Foxit PhantomPDF 9.5.0.20723 and earlier are affected by a removeField/AcroForms watermark handling flaw. The vulnerability stems from not validating the existence of an object before performing operations, enabling remote code execution when a user opens a malicious page or file. Multiple connec...
CVE-2019-13315
Foxit Reader (9.5.0.20723) is affected by CVE-2019-13315 due to a flaw in removeField where code executes without validating the target object’s existence. This leads to remote arbitrary code execution when a user opens a malicious file or visits a crafted page, with user interaction required. Th...
CVE-2019-6774
CVE-2019-6774 affects Foxit Reader 9.4.1.16828. The flaw is in deleteItemAt when processing AcroForms, caused by not validating the existence of an object before performing operations. This can allow remote code execution in the context of the current process with user interaction required (visit...
CVE-2019-6775
Foxit Reader (9.5.0.20723) is affected by CVE-2019-6775. The vulnerability resides in the AcroForm exportValues path, caused by failing to verify the existence of an object before performing operations on it, enabling remote code execution in the current process. Exploitation requires user intera...
CVE-2021-31461
Foxit Reader 10.1.1.37576 is affected by a type-confusion vulnerability in the handling of app.media objects. The flaw stems from insufficient validation of user-supplied data, enabling remote attackers to execute arbitrary code in the target process after the user visits a malicious page or open...
CVE-2019-13331
CVE-2019-13331 affects Foxit Reader 9.5.0.20723. The flaw lies in JPG file parsing due to insufficient validation, allowing remote code execution with user interaction (target must visit a malicious page or open a malicious file). The issue is described across multiple sources (NVD/Red Hat PRION/...
CVE-2019-13332
Foxit Reader 9.6.0.25114 is affected by a vulnerability in XFA form template processing. The issue arises from not validating the existence of an object before performing operations on it, leading to a use-after-free condition that can enable remote code execution. Exploitation requires user inte...
CVE-2019-13328
CVE-2019-13328 is a Foxit Reader vulnerability affecting the AcroForm handling. The flaw is caused by not validating the existence of an object before performing operations on it within AcroForm fields, enabling remote code execution when a user visits a malicious page or opens a crafted file. Af...
CVE-2019-13326
CVE-2019-13326 affects Foxit Reader 9.5.0.20723. The vulnerability stems from processing AcroForm fields without validating object existence, enabling remote code execution when a user opens a malicious file or page. Exploitation requires user interaction. A fix is available via updating Foxit Re...
CVE-2020-8847
Foxit Reader 9.7.0.29455 is affected by CVE-2020-8847 due to a JPEG2000 parsing flaw that allows out-of-bounds writes in a component handling JPEG2000 data. The issue enables remote code execution and requires user interaction (visiting a malicious page or opening a malicious file). The root caus...
CVE-2019-13329
Foxit Reader is affected by CVE-2019-13329. The vulnerability arises in the processing of TIF files due to incomplete validation of user-supplied data, causing a type confusion condition. It can allow remote attackers to execute arbitrary code in the context of the current process, with user inte...
CVE-2020-8857
CVE-2020-8857 affects Foxit Reader 9.7.0.29455 (and related versions in some records) where the flaw resides in parsing of form Annotation objects within AcroForms. The root cause is failure to validate the existence of an object before performing operations on it, leading to remote code executio...
CVE-2020-8849
Foxit Reader 9.7.0.29455 (and related versions) is affected by a JPEG2000 file parsing vulnerability that can lead to remote code execution. The flaw arises from improper validation of user-supplied data, causing a write past the end of an allocated structure in JPEG2000 processing. Exploitation ...
CVE-2019-13327
CVE-2019-13327 affects Foxit Reader 9.5.0.20723. The issue is a use-after-free-like flaw in AcroForm field processing, arising from failing to validate the existence of an object before operations, enabling arbitrary code execution in the current process when a user opens a malicious file/page. E...
CVE-2020-8845
Foxit PhantomPDF 9.6.0.25114 is affected by a remote code execution vulnerability in the AcroForms watermark handling. The flaw stems from not validating the existence of an object before performing operations on it, enabling an attacker to run code in the process context after user interaction (...
CVE-2019-13330
CVE-2019-13330 affects Foxit Reader 9.5.0.20723. The flaw is in JPG file processing, caused by a lack of validation that leads to a type confusion and remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). Connected advi...
CVE-2020-8851
Foxit Reader 9.7.0.29455 is affected by a JPEG2000 processing vulnerability that allows remote code execution via out-of-bounds write due to insufficient validation of data, requiring user interaction (visiting a malicious page or opening a malicious file). The issue (CVE-2020-8851) is documented...
CVE-2020-8852
CVE-2020-8852 affects Foxit Reader 9.7.0.29455 (and related records) with an out-of-bounds read in JPEG2000 file processing that can disclose sensitive information. Root cause: insufficient validation of user-supplied data leading to a read past the end of an allocated buffer. Attack requires use...
CVE-2020-8850
Foxit Reader is affected by a JPEG2000 parsing vulnerability (CVE-2020-8850) in versions around 9.7.0.29455 and earlier. The flaw stems from insufficient validation of user-supplied data during JPEG2000 processing, causing a write past the end of an allocated structure and enabling remote code ex...
CVE-2020-8856
CVE-2020-8856 (Foxit PhantomPDF) affects Foxit PhantomPDF 9.6.0.25608 and possibly earlier builds, with a flaw in the handling of watermarks. The root cause is the failure to validate the existence of an object before performing operations on it, enabling an attacker to execute arbitrary code in ...
CVE-2020-8853
Foxit PhantomPDF 9.7.0.29478 is vulnerable to an HTML2PDF conversion out-of-bounds write that can allow remote code execution. The flaw arises from insufficient validation of user-supplied data during HTML-to-PDF conversion, enabling a write past the end of an allocated structure. Exploitation req...
CVE-2021-31473
CVE-2021-31473 describes a remote code execution in Foxit Reader 10.1.3.37598. The issue, tied to the browseForDoc function, arises from improper validation of user-supplied data that can cause a write past the end of an allocated data structure. This allows an attacker to execute code in the tar...
CVE-2020-8844
Summary of CVE-2020-8844 (Foxit Reader): The vulnerability affects Foxit Reader 9.6.0.25114, arising from improper validation in the JPEG parsing path used by ConvertToPDF. The flaw is an integer overflow caused by processing user-supplied data, which can lead to arbitrary code execution in the ...
CVE-2020-8848
Foxit Reader 9.7.0.29455 is affected by a JPEG2000 parsing vulnerability: a lack of input validation leads to an out-of-bounds write in processing JPEG2000 data, allowing remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The iss...
CVE-2020-8854
Foxit PhantomPDF is vulnerable to a JPEG-to-PDF conversion out-of-bounds write that can lead to remote code execution. Affected product: Foxit PhantomPDF 9.7.0.29478 (and earlier per CNVD), with the flaw caused by improper validation of user-supplied data during JPEG-to-PDF conversion, resulting ...
CVE-2019-5131
Foxit PDF Reader (Foxit Reader) is affected by a use-after-free vulnerability in the JavaScript engine for version 9.7.0.29435 (and possibly earlier per advisories). A specially crafted PDF can trigger reuse of a previously freed object, enabling arbitrary code execution. Exploitation requires th...
CVE-2020-8855
Foxit PhantomPDF 9.7.0.2947 (and earlier versions) is affected by a use-after-free in fxhtml2pdf.exe that hinges on failing to validate the existence of an object before operations, enabling remote code execution when a user visits a crafted page or opens a malicious file. The issue allows code e...
CVE-2019-5130
CVE-2019-5130 is a use-after-free vulnerability in Foxit PDF Reader (JavaScript engine). Multiple connected sources (Talos: Foxit PDF Reader 9.7.0.29435; Red Hat/NVD: same code path) describe that a crafted PDF can trigger a freed object to be reused, enabling arbitrary code execution. The vulner...
CVE-2020-8846
CVE-2020-8846 affects Foxit PhantomPDF 9.6.0.25114 (and related) via a flaw in how text field objects are handled. The issue stems from not validating the existence of an object before performing operations, enabling an attacker to trigger remote code execution. Some records describe it as a use‑...
CVE-2019-5126
CVE-2019-5126 affects Foxit PDF Reader (and related Foxit products) with an exploitable use-after-free in the JavaScript engine of Foxit Reader 9.7.0.29435. A specially crafted PDF can trigger a freed object reuse, enabling arbitrary code execution. Attack requires user action to open the malicio...
CVE-2019-5145
CVE-2019-5145 describes an exploitable use-after-free in the Foxit PDF Reader JavaScript engine (version 9.7.0.29435). The vulnerability occurs when a crafted PDF triggers reuse of a freed object, enabling arbitrary code execution. Impact is arbitrary code execution with high severity (per CVSS a...
CVE-2009-0836
Foxit Reader contains a remote code execution vulnerability (CVE-2009-0836) in which a crafted PDF can trigger an Open/Execute action without user confirmation. Affected products/versions include Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506 (including 1120 and 1301). The issue ari...
CVE-2019-5031
CVE-2019-5031 affects Foxit PDF Reader, version 9.4.1.16828. The vulnerability is a memory corruption in the V8/JavaScript engine that can be triggered by a specially crafted PDF, causing an out-of-memory condition and arbitrary code execution. Exploitation requires the user to open the malicious...
CVE-2020-10902
Foxit PhantomPDF 9.7.1.29511 is affected by a U3D object handling flaw that can cause a read past the end of an allocated structure, enabling remote code execution after user interaction. The issue (CVE-2020-10902) arises in the 3D/U3D processing path and is exploitable when a malicious file or p...
CVE-2020-10907
CVE-2020-10907 affects Foxit Reader (9.7.1.29511) and PhantomPDF via XFA widget processing. The root cause is missing validation of an object’s existence before operations in XFA forms, enabling arbitrary code execution when a user opens a malicious file/page or visits a crafted page. The issue i...
CVE-2020-15638
The CVE-2020-15638 entry affects Foxit PhantomPDF (version 9.7.2.29539) where the flaw in NodeProperties::InferReceiverMapsUnsafe arises from insufficient validation of user-supplied data, causing a type confusion condition. This can allow remote code execution in the context of the current proce...
CVE-2018-3942
CVE-2018-3942 is an exploitable use-after-free in Foxit PDF Reader’s JavaScript engine (Foxit Software) affecting version 9.1.0.5096. A specially crafted PDF can cause a previously freed object to be reused, enabling arbitrary code execution. The vulnerability requires the user to open the malici...
CVE-2020-10901
CVE-2020-10901 affects Foxit PhantomPDF 9.7.1.29511. The vulnerability lies in U3D object handling in PDF files and results from insufficient validation of user-supplied data, causing a read past the end of an allocated object. It enables remote information disclosure and, when combined with othe...
CVE-2020-10908
CVE-2020-10908 affects Foxit PhantomPDF 9.7.0.29478. The issue is a type confusion in the Export command handling within the communication API, arising from insufficient validation of user-supplied data. It enables remote code execution in the context of the current process and requires user inte...
CVE-2018-20315
CVE-2018-20315 affects Foxit Reader prior to 9.5 and Foxit PhantomPDF prior to 8.3.10 or 9.x prior to 9.5. A race condition in these products can lead to a stack-based buffer overflow or an out-of-bounds read. The available documents identify the vulnerable components and the underlying issue but...
CVE-2018-3993
CVE-2018-3993 is a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (Foxit PDF Reader v9.2.0.9297). A specially crafted PDF can reuse a freed object, enabling arbitrary code execution. The attack requires user interaction (opening a malicious PDF); if a browser plugin extensio...
CVE-2020-10909
Foxit PhantomPDF (and related Foxit PDF products) is affected by CVE-2020-10909 due to a type-confusion in the AddWatermark handling of the communication API. The root cause is improper validation of user-supplied data, enabling remote code execution on the current process after user interaction ...
CVE-2018-3962
Foxit PDF Reader (version 9.1.0.5096) is affected by a use-after-free in the JavaScript engine when accessing CreationDate on this.info. The vulnerability can be triggered when a user opens a malicious PDF file, and, if the browser plugin extension is enabled, by visiting a malicious site. The do...
CVE-2020-10904
CVE-2020-10904 affects Foxit PhantomPDF (and Foxit Reader components) with a flaw in U3D object handling in PDF files, allowing remote code execution via write past the end of an allocated object. The vulnerability requires user interaction (visiting a malicious page or opening a malicious file) ...