Reader Security Vulnerabilities and Issues — Page 2 of Reader CVE List

7.8CVSS7.8AI score0.03065EPSS

CVE-2020-10900

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the process...

CVE-2020-10904

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the han...

7.8CVSS7.8AI score0.03065EPSS

CVE-2020-10906

CVE-2020-10908

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the han...

CVE•added 2020/04/22 9:15 p.m.•62 views

CVE-2020-10891

CVE•added 2020/04/22 9:15 p.m.•61 views

CVE-2020-10898

CVE•added 2020/04/22 9:15 p.m.•61 views

CVE-2020-10912

CVE•added 2016/10/31 10:59 a.m.•60 views

CVE-2016-8875

The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image, aka "Data from Faulting Address is used as one or more arguments in...

5.3CVSS6.4AI score0.00088EPSS

CVE•added 2020/04/22 9:15 p.m.•60 views

CVE-2020-10894

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

4.3CVSS3.3AI score0.11393EPSS

CVE•added 2020/04/22 9:15 p.m.•60 views

CVE-2020-10895

CVE•added 2019/01/30 10:29 p.m.•59 views

CVE-2018-3956

An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in exploitation when co...

7.1CVSS6.7AI score0.11084EPSS

CVE•added 2017/01/06 9:59 p.m.•58 views

CVE-2016-8334

A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR.

6.8CVSS3.5AI score0.13461EPSS

CVE•added 2018/10/02 9:29 p.m.•58 views

CVE-2018-3943

8.8CVSS8.2AI score0.003EPSS

CVE•added 2018/10/02 9:29 p.m.•57 views

CVE-2018-3957

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Keywords property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this v...

8CVSS7.9AI score0.0022EPSS

CVE•added 2018/10/02 9:29 p.m.•57 views

CVE-2018-3961

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Creator property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vu...

8CVSS7.9AI score0.06944EPSS

CVE•added 2020/04/22 9:15 p.m.•57 views

CVE-2020-10890

8.8CVSS8.8AI score0.01624EPSS

CVE•added 2020/08/20 1:17 a.m.•57 views

CVE-2020-15637

4.3CVSS3.8AI score0.00897EPSS

CVE•added 2021/01/07 6:15 p.m.•56 views

CVE-2018-20315

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race condition that can cause a stack-based buffer overflow or an out-of-bounds read.

8.1CVSS8.1AI score0.00026EPSS

CVE•added 2018/10/03 3:29 p.m.•56 views

CVE-2018-3946

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to...

8.8CVSS8.2AI score0.00268EPSS

CVE•added 2020/04/22 9:15 p.m.•56 views

CVE-2020-10892

8.8CVSS8.8AI score0.01624EPSS

CVE•added 2021/05/07 9:15 p.m.•56 views

CVE-2021-31456

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVE•added 2021/05/07 9:15 p.m.•56 views

CVE-2021-31458

CVE•added 2018/10/08 4:29 p.m.•55 views

CVE-2018-3940

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused. An attacker needs to trick the user to open the malicious file to trigger.

8.8CVSS7.9AI score0.02803EPSS

CVE•added 2018/10/03 3:29 p.m.•54 views

CVE-2018-3966

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the u...

8CVSS8.3AI score0.15916EPSS

CVE•added 2020/04/22 9:15 p.m.•54 views

CVE-2020-10911

CVE•added 2018/10/02 9:29 p.m.•53 views

CVE-2018-3960

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Producer property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this v...

8CVSS7.9AI score0.06944EPSS

CVE•added 2019/03/21 4:1 p.m.•53 views

CVE-2019-6734

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handl...

6.5CVSS6.2AI score0.00982EPSS

CVE•added 2020/04/22 9:15 p.m.•53 views

CVE-2020-10910

CVE•added 2021/05/07 9:15 p.m.•53 views

CVE-2021-31460

CVE•added 2021/01/07 5:15 p.m.•52 views

CVE-2018-20311

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCPDFAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.

8.1CVSS8.1AI score0.00026EPSS

CVE•added 2018/10/02 9:29 p.m.•52 views

CVE-2018-3958

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Subject property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vu...

8CVSS7.9AI score0.0022EPSS

CVE•added 2018/10/03 3:29 p.m.•52 views

CVE-2018-3964

8CVSS8.3AI score0.16041EPSS

CVE•added 2018/10/03 3:29 p.m.•52 views

CVE-2018-3967

8CVSS8.3AI score0.16041EPSS

CVE•added 2020/04/22 9:15 p.m.•52 views

CVE-2020-10889

CVE•added 2020/04/22 9:15 p.m.•52 views

CVE-2020-10896

CVE•added 2020/04/22 9:15 p.m.•52 views

CVE-2020-10897

CVE•added 2021/05/07 9:15 p.m.•52 views

CVE-2021-31459