Reader Security Vulnerabilities and Issues — Page 3 of Reader CVE List

Lucene search

FoxitsoftwareReader

259 matches found

CVE•added 2019/01/24 4:29 a.m.•46 views

CVE-2018-17629

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

8.8CVSS7.8AI score0.00856EPSS

CVE•added 2019/01/24 4:29 a.m.•46 views

CVE-2018-17658

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

8.8CVSS7.8AI score0.00856EPSS

CVE•added 2021/01/07 5:15 p.m.•46 views

CVE-2018-20310

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.

8.1CVSS8.1AI score0.00026EPSS

CVE•added 2021/01/07 6:15 p.m.•46 views

CVE-2018-20316

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode.

8.1CVSS8.1AI score0.00026EPSS

CVE•added 2019/03/21 4:1 p.m.•46 views

CVE-2019-6729

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF...

8.8CVSS8.8AI score0.00745EPSS

CVE•added 2016/10/31 10:59 a.m.•45 views

CVE-2016-8877

Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted JPEG2000 image embedded in a PDF document, aka a "corrupted suffix pattern" issue.

8.8CVSS9AI score0.00534EPSS

CVE•added 2019/01/24 4:29 a.m.•45 views

CVE-2018-17703

8.8CVSS7.8AI score0.00566EPSS

CVE•added 2021/01/07 5:15 p.m.•45 views

CVE-2018-20312

8.1CVSS8.1AI score0.00026EPSS

CVE•added 2021/01/07 6:15 p.m.•45 views

CVE-2018-20314

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence race condition that can cause a stack-based buffer overflow or an out-of-bounds read.

8.1CVSS8.1AI score0.00026EPSS

CVE•added 2020/06/04 5:15 p.m.•45 views

CVE-2018-21240

An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call.

7.5CVSS7.5AI score0.00018EPSS

CVE•added 2018/10/08 4:29 p.m.•45 views

CVE-2018-3992

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the ...

8.8CVSS8.3AI score0.00229EPSS

CVE•added 2018/10/03 3:29 p.m.•45 views

CVE-2018-3994

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the u...

8.8CVSS8.3AI score0.00268EPSS

CVE•added 2018/05/24 9:29 p.m.•45 views

CVE-2018-5678

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...

8.8CVSS8.8AI score0.01864EPSS

CVE•added 2020/06/04 5:15 p.m.•45 views

CVE-2019-20828

An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.

7.5CVSS7.7AI score0.00022EPSS

CVE•added 2019/03/21 4:1 p.m.•45 views

CVE-2019-6727

8.8CVSS8.8AI score0.21143EPSS

CVE•added 2020/09/04 4:15 a.m.•45 views

CVE-2020-11493

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.

8.1CVSS7.6AI score0.00075EPSS

CVE•added 2020/09/04 4:15 a.m.•45 views

CVE-2020-12247

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two parts. A crash may also occur.

7.1CVSS6.6AI score0.00129EPSS

CVE•added 2021/05/07 9:15 p.m.•45 views

CVE-2021-31457

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

7.8CVSS8.4AI score0.00411EPSS

CVE•added 2016/10/31 10:59 a.m.•44 views

CVE-2016-8876

Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image embedded in the XFA stream in a PDF document, aka "Read Access Violation starting at FoxitReader."

7.5CVSS8.3AI score0.00361EPSS

CVE•added 2018/10/29 10:0 p.m.•44 views

CVE-2018-17615

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

8.8CVSS7.8AI score0.00598EPSS

CVE•added 2019/01/24 4:29 a.m.•44 views

CVE-2018-17652

8.8CVSS7.8AI score0.00856EPSS

CVE•added 2019/01/24 4:29 a.m.•44 views

CVE-2018-17688

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ha...

8.8CVSS8.8AI score0.00566EPSS

CVE•added 2020/06/04 4:15 p.m.•44 views

CVE-2019-20818

An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level.

7.5CVSS7.5AI score0.00021EPSS

CVE•added 2019/03/21 4:1 p.m.•44 views

CVE-2019-6733

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handl...

6.5CVSS6.2AI score0.00894EPSS

CVE•added 2016/10/31 10:59 a.m.•43 views

CVE-2016-8879

The thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted JPEG2000 image embedded in a PDF document, aka an "Exploitable - Hea...

6.5CVSS7AI score0.00088EPSS

CVE•added 2018/10/08 4:29 p.m.•43 views

CVE-2018-16293

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can t...

7.8CVSS7.8AI score0.00546EPSS

CVE•added 2018/09/28 9:29 a.m.•43 views

CVE-2018-17609

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.

9.8CVSS9.3AI score0.00398EPSS

CVE•added 2018/10/29 10:0 p.m.•43 views

CVE-2018-17622

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

6.5CVSS6.6AI score0.01853EPSS

CVE•added 2018/10/29 10:0 p.m.•43 views

CVE-2018-17623

8.8CVSS8.8AI score0.00598EPSS

CVE•added 2019/01/24 4:29 a.m.•43 views

CVE-2018-17628

8.8CVSS7.8AI score0.00586EPSS

CVE•added 2019/01/24 4:29 a.m.•43 views

CVE-2018-17642

8.8CVSS7.8AI score0.00856EPSS

CVE•added 2019/01/24 4:29 a.m.•43 views

CVE-2018-17664

8.8CVSS7.8AI score0.00856EPSS

CVE•added 2019/01/24 4:29 a.m.•43 views

CVE-2018-17669

8.8CVSS7.8AI score0.00856EPSS

CVE•added 2019/01/24 4:29 a.m.•43 views

CVE-2018-17675

8.8CVSS7.8AI score0.00566EPSS

CVE•added 2019/01/24 4:29 a.m.•43 views

CVE-2018-17692

8.8CVSS8.8AI score0.00518EPSS

CVE•added 2019/01/24 4:29 a.m.•43 views

CVE-2018-17694

8.8CVSS8.8AI score0.00566EPSS

CVE•added 2020/06/04 5:15 p.m.•43 views

CVE-2019-20826

An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It has a NULL pointer dereference.

7.5CVSS7.5AI score0.00018EPSS

CVE•added 2019/03/21 4:1 p.m.•43 views

CVE-2019-6730

8.8CVSS8.8AI score0.21143EPSS

CVE•added 2018/10/29 10:0 p.m.•42 views

CVE-2018-17621

8.8CVSS7.8AI score0.00598EPSS

CVE•added 2019/01/24 4:29 a.m.•42 views

CVE-2018-17662

8.8CVSS7.8AI score0.00856EPSS

CVE•added 2019/01/24 4:29 a.m.•42 views

CVE-2018-17671

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

8.8CVSS7.3AI score0.00784EPSS

CVE•added 2019/01/24 4:29 a.m.•42 views

CVE-2018-17679

8.8CVSS7.8AI score0.00462EPSS

CVE•added 2019/01/24 4:29 a.m.•42 views

CVE-2018-17689

8.8CVSS8.8AI score0.00566EPSS

CVE•added 2019/01/24 4:29 a.m.•42 views

CVE-2018-17701

8.8CVSS8.8AI score0.00518EPSS

CVE•added 2019/01/24 4:29 a.m.•42 views

CVE-2018-17704

8.8CVSS7.8AI score0.00566EPSS

CVE•added 2018/10/08 4:29 p.m.•42 views

CVE-2018-3996

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user t...

8.8CVSS8.3AI score0.00268EPSS

CVE•added 2019/03/21 4:1 p.m.•42 views

CVE-2019-6732

6.5CVSS6.2AI score0.00894EPSS

CVE•added 2020/09/04 4:15 a.m.•42 views

CVE-2020-12248

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled.

8.8CVSS9AI score0.00527EPSS

CVE•added 2018/10/08 4:29 p.m.•41 views

CVE-2018-16291

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can t...

7.8CVSS7.8AI score0.00546EPSS

CVE•added 2018/09/28 9:29 a.m.•41 views

CVE-2018-17608

9.8CVSS9.3AI score0.00398EPSS

Total number of security vulnerabilities259