259 matches found
CVE-2020-10905
CVE-2020-10905 affects Foxit PhantomPDF 9.7.1.29511. The issue is an out-of-bounds read in U3D vertex handling due to insufficient validation, requiring user interaction (malicious page/file) and potentially enabling code execution when combined with other vulnerabilities. Multiple sources (ZDI-2...
CVE-2018-20310
The connected CNVD-2021-04398 describes a vulnerability affecting Foxit Reader and Foxit PhantomPDF where a race condition can lead to a stack buffer overflow or an out-of-bounds read. The CVE-2018-20310 entry itself identifies Foxit Reader before 9.5 and PhantomPDF before 8.3.10 and 9.x before 9...
CVE-2018-20312
Affected software: Foxit Reader before 9.5; PhantomPDF before 8.3.10 and 9.x before 9.5. Root cause: a proxyDoAction race condition. Consequence: could cause a stack-based buffer overflow OR an out-of-bounds read. No remediation or exploitation status provided in the supplied documents.
CVE-2018-20314
CVE-2018-20314 affects Foxit Reader before 9.5 and PhantomPDF before 8.3.10 (and 9.x before 9.5). The underlying issue is a proxyCheckLicence race condition that can lead to a stack-based buffer overflow or an out-of-bounds read. Impacted products include Foxit Reader/PhantomPDF, with potential f...
CVE-2018-20316
CVE-2018-20316 concerns Foxit Reader prior to 9.5 and PhantomPDF prior to 8.3.10 and 9.x prior to 9.5, where a proxyDoAction race condition can lead to a stack-based buffer overflow or an out-of-bounds read. This race condition is the underlying issue differentiating it from CVE-2018-20310 (diffe...
CVE-2019-6733
CVE-2019-6733 affects Foxit PhantomPDF (PDF handling). The issue is an out-of-bounds read from improper validation of user-supplied data in PDF processing, which can disclose sensitive information. It is exploitable via remote interaction when a user opens a malicious page/file, and an attacker m...
CVE-2020-10899
CVE-2020-10899 affects Foxit Reader/PhantomPDF up to version 9.7.1.29511. The flaw resides in XFA template processing where the code fails to validate an object’s existence before operations, enabling remote code execution when a user opens a malicious file/page. Exploitation requires user intera...
CVE-2021-31459
Foxit Reader 10.1.1.37576 is affected by a vulnerability in XFA Forms where code paths operate on an object without validating its existence, enabling remote code execution. Exploitation requires user interaction (viewing a malicious page or opening a malicious file). The root cause is a lack of ...
CVE-2018-17623
CVE-2018-17623 affects Foxit Reader 9.0.1.5096 and variants where the flaw is in the handling of Link objects. The root cause is the lack of validating an object’s existence before performing operations, enabling remote code execution in the context of the current process when a user visits a mal...
CVE-2018-17642
Foxit Reader (v9.2.0.9297 and earlier) is affected by a TimeField colSpan handling flaw that can allow remote code execution. The issue stems from not validating the existence of an object before performing operations, enabling an attacker to run code in the context of the current process. Exploi...
CVE-2018-17658
CVE-2018-17658 affects Foxit Reader 9.2.0.9297 and earlier, where the vulnerability stems from improper handling of the host object’s respose property and a lack of validating object existence before operations. This allows remote code execution in the context of the current process and requires ...
CVE-2018-17675
CVE-2018-17675 concerns Foxit Reader. The vulnerability exists in the handling of the removeDataObject method of a document and stems from not validating the existence of an object before performing operations. It enables remote code execution in the context of the current process on vulnerable F...
CVE-2018-21239
CVE-2018-21239 affects Foxit Reader and PhantomPDF before 9.2. The issue enables NTLM credential theft via a GoToE or GoToR action in PDFs. Root cause is information leakage via GoTo actions, leading to partial confidentiality impact per CVSS (2.0: 5.0, 3.1: 5.3). Affected products are Foxit Read...
CVE-2018-3992
CVE-2018-3992 is a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (version 9.2.0.9297). A specially crafted PDF can reuse a freed memory object, leading to arbitrary code execution. Exploitation requires user action to open the malicious file; if the browser plugin extension...
CVE-2018-17624
Foxit Reader (v9.1.0.5096) contains a remote code execution vulnerability in the handling of OCG objects due to a lack of validating the existence of an object before performing operations. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). An attacker...
CVE-2018-17629
Foxit Reader 9.1.0.5096 is affected by a template-objects handling vulnerability that allows remote code execution. The root cause is failure to validate the existence of an object before performing operations on it, enabling an attacker to run code in the current process. Exploitation requires u...
CVE-2018-17662
CVE-2018-17662 affects Foxit Reader 9.2.0.9297 on Windows. The flaw is in the Host.beep method, which performs operations on an object without first validating its existence, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The i...
CVE-2018-17703
Foxit Reader (Windows) is affected, including version 9.2.0.9297 and earlier, with vulnerabilities tied to the handling of the defaultValue property of ComboBox objects. The underlying flaw is a failure to validate the existence of an object before performing operations, resulting in a use-after-...
CVE-2019-20837
CVE-2019-20837 affects Foxit Reader and PhantomPDF, prior to version 9.5. The issue allows signature validation bypass when a file is modified or uses non-standard signatures, enabling bypass of digital signature checks. The provided documents do not specify an exploit method or in-the-wild activ...
CVE-2019-6729
CVE-2019-6729 is a remote-code-execution vulnerability in Foxit Reader and Foxit PhantomPDF for Windows caused by an out-of-bounds read during PDF processing due to improper validation of input data (read past end of allocated buffer). It requires user interaction (malicious page or file). Affect...
CVE-2020-12248
CVE-2020-12248 affects Foxit Reader and Foxit PhantomPDF: heap-based buffer overflow caused by mishandling dirty image-resource data, allowing arbitrary code execution. Affected: Foxit Reader and PhantomPDF versions before 10.0.1, and PhantomPDF before 9.7.3. Impact per sources: potential remote ...
CVE-2021-31457
Foxit Reader 10.1.1.37576 is affected by a code execution vulnerability in the handling of Annotation objects. The issue stems from failing to validate the existence of an object before performing operations, allowing an attacker to run arbitrary code in the current process when a user visits a m...
CVE-2016-8877
CVE-2016-8877 describes a heap-based buffer overflow in Foxit Reader and PhantomPDF before 8.1 on Windows. A crafted JPEG2000 image embedded in a PDF enables remote code execution (arbitrary code) with potential impact to confidentiality, integrity, and availability. Affected products: Foxit Read...
CVE-2018-16293
CVE-2018-16293 is a use-after-free vulnerability in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3. A specially crafted PDF can trigger a previously freed object to be reused, leading to arbitrary code execution. An attacker must entice a user to open the malicious PDF...
CVE-2018-17688
CVE-2018-17688 affects Foxit PhantomPDF/Reader on Windows; a memory misreference in the ComboBox setItems handling leads to a use-after-free condition, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). Targets include P...
CVE-2018-5678
Foxit Reader/PhantomPDF before 9.1 are affected by CVE-2018-5678 due to a flaw in processing PDFs with embedded u3d images, causing a heap-based buffer overflow. An attacker can exploit this via a malicious PDF to execute arbitrary code in the current process; user interaction is required (visiti...
CVE-2016-8879
CVE-2016-8879 affects Foxit Reader and Foxit PhantomPDF prior to 8.1 on Windows. The issue lies in the thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) where a crafted JPEG2000 image embedded in a PDF can trigger an out-of-bounds write, causing an application crash and a denial-of-s...
CVE-2018-17682
Foxit Reader (Windows) 9.2.0.9297 and earlier is affected by CVE-2018-17682 due to a use-after-free/memory misreference in the handling of the delay property of Annotation objects. The flaw allows remote code execution in the context of the current process when a user opens a malicious file/page ...
CVE-2018-17701
CVE-2018-17701 affects Foxit PhantomPDF (9.2.0.9297 and earlier per CNVD) on Windows. The flaw is an out-of-bounds read (a read past the end) in the JSON handling due to insufficient input validation, enabling arbitrary code execution in the context of the target process. Exploitation requires user interactio...
CVE-2018-5674
Foxit Reader/PhantomPDF before 9.1 are vulnerable to CVE-2018-5674 due to improper handling of PDF files with embedded u3d images. The flaw triggers a heap-based buffer overflow when parsing specially crafted PDFs, allowing remote code execution in the context of the current process. Exploitation...
CVE-2019-20828
CVE-2019-20828 affects Foxit Reader and PhantomPDF prior to version 9.6. The vulnerability is a buffer overflow caused by a looping correction that does not occur after JavaScript updates Field APs, leading to potential memory corruption. Multiple sources corroborate the issue across vendor advis...
CVE-2019-6732
Foxit PhantomPDF (and Foxit Reader) is affected by CVE-2019-6732 due to improper validation in AFParseDateEx, causing an out-of-bounds read that can disclose sensitive information. The vulnerability requires user interaction (visiting a malicious page or opening a malicious file) and can be trigg...
CVE-2020-12247
CVE-2020-12247 affects Foxit Reader and Foxit PhantomPDF prior to versions 10.0.1 and 9.7.3, respectively. The root cause is an out-of-bounds read caused by a text-string index being reused after splitting a string, which can also trigger a crash. Exploitation could lead to disclosure of sensitiv...
CVE-2018-17615
CVE-2018-17615 affects Foxit Reader 9.0.1.5096 for Windows. The flaw lies in Mouse Exit event handling and stems from not validating the existence of an object before performing operations, enabling remote code execution. Exploitation requires user interaction (visiting...
CVE-2018-17622
CVE-2018-17622 affects Foxit Reader 9.1.0.5096 (Windows). The issue is a buffer over-read in handling Calculate events caused by improper validation of user-supplied data, allowing remote attackers to disclose sensitive information and potentially execute code in the context of the current proces...
CVE-2018-17664
CVE-2018-17664 affects Foxit Reader 9.2.0.9297 and earlier on Windows, due to a flaw in the isCompatibleNS handling of an XFA object. The issue arises from not validating the existence of an object before performing operations, enabling a remote attacker to execute arbitrary code in the context o...
CVE-2018-17669
CVE-2018-17669 affects Foxit Reader 9.2.0.9297 (Windows). The flaw is in the handling of the name property of an XFA object and stems from not validating the existence of the object before performing operations, enabling remote code execution with current-process privileges after a user visits a ma...
CVE-2018-17692
CVE-2018-17692 affects Foxit PhantomPDF (and Foxit Reader) for Windows, specifically the HTML-to-PDF conversion path. The root cause is an out-of-bounds write stemming from inadequate validation of user-supplied data during HTML-to-PDF conversion, allowing remote code execution. Affected versions...
CVE-2018-17694
CVE-2018-17694 affects Foxit PhantomPDF 9.2.0.9297 (and related Foxit PDF products in some feeds) with a display-property handling flaw in a button where the program does not verify an object’s existence before acting. This leads to remote code execution in the context of the current process, wit...
CVE-2018-17700
CVE-2018-17700 affects Foxit PhantomPDF 9.2.0.9297 (Windows). The root cause is a flaw in handling of Array.prototype.concat due to insufficient validation of user-supplied data, allowing a read past the end of an allocated object. This leads to remote code execution in the context of the current...
CVE-2018-3994
CVE-2018-3994 affects Foxit PDF Reader 9.2.0.9297, where a use-after-free in the JavaScript engine can be triggered by a specially crafted PDF document. This may allow arbitrary code execution when a user opens the malicious file; the browser plugin extension context could also trigger the vulner...
CVE-2019-20818
CVE-2019-20818 affects Foxit Reader and PhantomPDF prior to version 9.7. The issue is a resource-management vulnerability where data is created for each page at the application level, leading to memory consumption. The supplied documents describe the affected products and the root cause but do no...
CVE-2019-20835
Foxit Reader and PhantomPDF prior to 9.5 are affected by a homograph mishandling issue. CVSSv3.1 base score 4.3 (NETWORK attack, USER INTERACTION required; I=LOW) per provided records. No explicit root cause, exploit details, or remediation are stated in the documents; no detailed impact beyond t...
CVE-2019-6728
The CVE-2019-6728 issue affects Foxit Reader (PDF processing path) and is due to an out-of-bounds read caused by inadequate validation of user-supplied data, resulting in a read past the end of an allocated buffer. This vulnerability can disclose sensitive information and, in conjunction with oth...
CVE-2016-8876
CVE-2016-8876 describes an out-of-bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, exploitable by a crafted TIFF image embedded in the XFA data stream of a PDF when the gflags tool is enabled. Successful exploitation can lead to remote arbitrary code execution with ...
CVE-2018-17609
Foxit PhantomPDF and Foxit Reader prior to 9.3 are affected by CVE-2018-17609. The issue stems from mishandling properties of Annotation objects, enabling a use-after-free vulnerability that can lead to remote code execution or denial of service. Reported with CVSS v3.0 base score 9.8 (CRITICAL) ...
CVE-2018-17619
CVE-2018-17619 affects Foxit Reader 9.0.1.5096 on Windows. The flaw is in the handling of Validate events where the code fails to verify the existence of an object before performing operations, enabling remote code execution. Exploitation requires user interaction (visiting a malicio...
CVE-2018-17652
CVE-2018-17652 affects Foxit Reader 9.2.0.9297 (Windows). The flaw is in the XFA TimeField mandatory property handling, caused by not validating the existence of an object before performing operations, which enables a remote attacker to execute code in the context of the current process via a cra...
CVE-2018-17683
Foxit Reader 9.2.0.9297 (and earlier per CNVD) is affected by a vulnerability in the createIcon handling of an app object. The flaw is a lack of validation for object existence before operations, leading to remote code execution. User interaction is required (visiting a malicious page or opening ...
CVE-2018-17689
CVE-2018-17689 affects Foxit PhantomPDF (and related Foxit viewer components) with a remote code execution flaw in the fillColor handling of a radio button. The root cause is lack of object existence validation before operations, enabling code execution in the current process after user interacti...