259 matches found
CVE-2018-17698
CVE-2018-17698 affects Foxit PhantomPDF (Windows) with vulnerable 9.2.0.9297 and related builds. The flaw is in the handling of the richValue property of a text field, arising from not validating the existence of an object before performing operations. This use-after-free scenario enables remote ...
CVE-2018-3995
CVE-2018-3995 affects Foxit PDF Reader (JS engine); a vulnerability in the JavaScript engine of Foxit PDF Reader 9.2.0.9297 allows a crafted PDF to trigger a previously freed object, enabling arbitrary code execution. The impact is contingent on successfully triggering the freed object reuse. Att...
CVE-2018-5679
CVE-2018-5679 affects Foxit Reader and Foxit PhantomPDF prior to 9.1. The flaw is in processing of PDF files with embedded u3d images due to insufficient validation, causing a read past end of an allocated object and enabling arbitrary code execution in the current process. The issue is exploitab...
CVE-2019-20826
The CVE-2019-20826 issue affects Foxit PhantomPDF for Mac (3.3) and Foxit Reader for Mac prior to 3.3. The root cause is a NULL pointer dereference in the affected code path. Public descriptions in the connected sources only confirm the existence and nature of the vulnerability; they do not provi...
CVE-2019-6727
CVE-2019-6727 involves Foxit Reader (XFA remerge method) where a failure to validate the existence of an object before operating on it enables remote code execution after a user visits a malicious page or opens a malicious file. The issue is characterized as a use-after-free/invalid object handling...
CVE-2019-6730
CVE-2019-6730 affects Foxit Reader (and PhantomPDF in some records) via the popUpMenu method. The root cause is failure to validate the existence of an object before performing operations, leading to a use-after-free/memory misreference. This allows remote attackers to execute arbitrary code in ...
CVE-2018-16291
CVE-2018-16291 affects Foxit Reader and Foxit PhantomPDF prior to version 9.3, where a use-after-free in the JavaScript engine can be triggered by a specially crafted PDF to execute arbitrary code. The vulnerability can be exploited when a user opens a malicious PDF file; if the browser plugin is...
CVE-2018-16292
Summary of CVE-2018-16292 (Foxit Reader/PhantomPDF): A use-after-free vulnerability in the JavaScript engine of Foxit Reader (before 9.3) and PhantomPDF (before 9.3) can be triggered by a specially crafted PDF to reuse a previously freed object, enabling arbitrary code execution. An attacker mus...
CVE-2018-17608
Foxit PhantomPDF and Foxit Reader prior to version 9.3 are affected by CVE-2018-17608, where mishandling of Annotation object properties can enable a remote attacker to execute arbitrary code or cause a denial of service (use-after-free). Impact is described as high/critical across CERT/NVD data:...
CVE-2018-17610
Foxit PhantomPDF and Foxit Reader are affected by CVE-2018-17610, with the vulnerability exploitable in versions before 9.3. The issue arises from how properties of Annotation objects are mishandled, enabling remote attackers to execute arbitrary code or cause a denial of service (use-after-free)...
CVE-2018-17625
CVE-2018-17625 affects Foxit Reader (Windows). The flaw is a use-after-free/memory misreference in handling the JavaScript setInterval() method where the code fails to verify object existence before operations, enabling remote code execution in the context of the current process. User interaction...
CVE-2018-17628
Foxit Reader (Windows) 9.2.0.9297 and earlier versions are affected by CVE-2018-17628. The flaw occurs in the XFA setInterval method due to not validating the existence of an object before performing operations, enabling remote code execution when a user opens a malicious file or visits a crafted...
CVE-2018-17687
CVE-2018-17687 affects Foxit PhantomPDF (notably version 9.2.0.9297) and relates to the exportValues handling of a radio button. The flaw arises from not validating the existence of an object before performing operations, enabling remote code execution via a malicious page or file. Exploitation r...
CVE-2018-17781
Foxit PhantomPDF and Foxit Reader are affected: versions before 9.3 are vulnerable to an Uninitialized Object Information Disclosure caused by mishandling ArrayBuffer and DataView object creation. This allows remote attackers to obtain information without user interaction. No remediation details ...
CVE-2018-3996
CVE-2018-3996 concerns Foxit PDF Reader’s JavaScript engine. The vulnerability is a use-after-free in version 9.2.0.9297 that can be triggered by a crafted PDF document, allowing arbitrary code execution by reusing a freed object. An attacker must entice the user to open the malicious file; if a ...
CVE-2018-5677
Foxit Reader/PhantomPDF prior to 9.1 are affected by CVE-2018-5677 due to improper validation when processing PDF files containing embedded u3d images, enabling remote code execution. Exploitation requires the user to open a malicious file/page. The issue is fixed in 9.1 or later. Newer products are ...
CVE-2019-20827
CVE-2019-20827 affects Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3, with a stack-consumption issue arising from interaction between ICC-Based color space and Alternate color space. The NVD score indicates high severity (CVSS v3.1: 9.8, network exploit, no user interaction). No ex...
CVE-2019-6731
Foxit PhantomPDF (and Foxit Reader/PhantomPDF family cited in related records) contains an HTML-to-PDF conversion flaw in which insufficient validation of user-supplied data can cause a read past the end of an allocated object, enabling remote code execution. The vulnerability requires user inter...
CVE-2018-17616
CVE-2018-17616 affects Foxit Reader 9.0.1.5096 for Windows. The vulnerability arises in the handling of onBlur events where the code fails to validate the existence of an object before operating on it, enabling remote code execution when a user opens a malicious file or visits a malicious page. T...
CVE-2018-17633
CVE-2018-17633 affects Foxit Reader 9.2.0.9297 and earlier for Windows. The flaw is in the handling of the Annotation object's subject property, where the code fails to validate the existence of an object before operating on it, leading to a use-after-free condition and remote code execution. Exp...
CVE-2018-17663
Foxit Reader 9.2.0.9297 is affected by CVE-2018-17663 due to a memory misreference in the Host.importData path. The flaw stems from not validating the existence of an object before performing operations on it, allowing remote code execution when a user visits a malicious page or opens a malicious...
CVE-2018-17668
CVE-2018-17668 affects Foxit Reader 9.2.0.9297 and earlier. The flaw is in the handling of the removeAttribute method of an XFA object, caused by not validating the existence of the object before performing operations. This can allow remote code execution in the context of the current process and...
CVE-2018-17671
CVE-2018-17671 affects Foxit Reader for Windows (9.2.0.9297 and earlier). The vulnerability arises from improper validation in the handling of the Lower method of an XFA object, allowing an out-of-bounds read that can disclose sensitive information and enable code execution in the affected proces...
CVE-2018-17679
Foxit Reader 9.2.0.9297 and earlier versions are affected by CVE-2018-17679, a PDF parsing vulnerability that allows remote code execution via a use-after-free in document element handling. The flaw can be triggered when a user opens a malicious file or visits a malicious page, enabling code exec...
CVE-2018-17680
CVE-2018-17680 affects Foxit Reader 9.2.0.9297 (Windows). The vulnerability is in the handling of the style property of a Field object, due to missing validation before operations, leading to use-after-free and remote code execution. Exploitation requires user interaction (visiting a malicious pa...
CVE-2018-17696
Foxit Reader 9.2.0.9297 (and earlier) is affected by a dataObjects handling vulnerability that fails to validate object existence before operations, enabling remote code execution when a user opens a malicious file or visits a malicious page. The flaw allows code to run in the context of the curr...
CVE-2018-17704
Foxit Reader 9.2.0.9297 is affected by a textColor handling flaw in RadioButton objects that leads to remote code execution. The issue arises from not validating the existence of an object before performing operations, effectively a use-after-free/NULL dereference type bug. Exploitation requires ...
CVE-2018-7406
CVE-2018-7406 affects Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1. The issue is in the PDF u3d image handling, due to insufficient validation of user-supplied data, causing an array-indexing issue that can lead to remote code execution. Exploitation requires user interaction (visiting...
CVE-2018-7407
CVE-2018-7407 affects Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1. The issue is a type confusion caused by insufficient validation while rendering U3D images in PDFs, allowing remote code execution. An attacker must entice the user to open a malicious page or file (user interaction r...
CVE-2020-13807
The vulnerability CVE-2020-13807 affects Foxit Reader and PhantomPDF up to version 9.7.2, caused by circular-reference mishandling that can produce a loop. Documented details specify the affected products and the root cause as circular references, with an impact description indicating a loop, but...
CVE-2018-16297
CVE-2018-16297 is a use-after-free in Foxit Reader/PhantomPDF’s JavaScript engine prior to 9.3. A specially crafted PDF can trigger object reuse for arbitrary code execution; the user must open the file (or, with a browser plugin, visiting a malicious site could trigger it). Affected products: Foxit ...
CVE-2018-17626
Summary: Foxit Reader shows a text box handling flaw that can lead to remote code execution. The root cause is a use-after-free-like issue in the TextBox Validate event path where code does not verify that the target object exists before operating on it. This allows an attacker to run arbitrary c...
CVE-2018-17638
CVE-2018-17638 affects Foxit Reader 9.2.0.9297 and earlier on Windows. The flaw is in the getAttribute handling where the code does not verify object existence before performing operations, enabling remote code execution in the context of the current process when a user opens a malicious file or ...
CVE-2018-17647
CVE-2018-17647 affects Foxit Reader 9.2.0.9297 for Windows, where the boundItem method of a TimeField can be mishandled due to not validating the existence of an object, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file)....
CVE-2018-17651
Foxit Reader 9.2.0.9297 contains a use-after-free/invalid object access flaw in the TimeField getItemState handler, where code executes without validating the existence of the object. This can allow remote code execution when a user opens a malicious file or visits a crafted page, as described by...
CVE-2018-17695
CVE-2018-17695 affects Foxit PhantomPDF (notably version 9.2.0.9297 and earlier per CNVD) where a use-after-free/memory misreference in the TextField username handling allows remote code execution. The flaw arises from not validating object existence before operations, enabling an attacker to run...
CVE-2019-20836
Foxit Reader and Foxit PhantomPDF prior to 9.5 are affected by a cloud credentials mishandling vulnerability. Multiple sources (including CNVD-2020-32457, RH/CVE-2019-20836, NVD, CNVD, and others) describe an issue where cloud credentials are mishandled, demonstrated via Google Drive, potentially...
CVE-2020-13814
Foxit Reader and PhantomPDF are affected by CVE-2020-13814. Before version 9.7.1, a use-after-free can occur in a document that lacks a dictionary, leading to potential memory-related impact. The NVD/NVD-derived record indicates a high-severity issue with exploitation potential via network access...
CVE-2020-13815
CVE-2020-13815 affects Foxit Reader and PhantomPDF prior to version 9.7.1. The issue is a stack-consumption vulnerability caused by a loop over an indirect object reference in the affected PDF processing path. Impact, as described, is a memory/stack exhaustion scenario; no explicit exploitation d...
CVE-2018-16295
Summary (CVE-2018-16295): A use-after-free in Foxit Reader/PhantomPDF JavaScript engine (versions before 9.3) can be triggered by a specially crafted PDF, leading to arbitrary code execution. The attacker must persuade the user to open the malicious PDF; if a browser plugin is enabled, visiting a...
CVE-2018-17611
CVE-2018-17611 affects Foxit PhantomPDF and Foxit Reader prior to 9.3. The issue is a use-after-free related to mishandling properties of Annotation objects, with remote code execution or denial of service as described by NVD. The provided connected documents corroborate the affected products and...
CVE-2018-17617
CVE-2018-17617 affects Foxit Reader for Windows (including versions around 9.0.x and 9.2.x) via onFocus handling. The flaw is a memory/object existence check issue on focus events, enabling remote code execution when a user opens a malicious file or page. Connected sources corroborate the onFocus...
CVE-2018-17620
CVE-2018-17620 affects Foxit Reader 9.0.1.5096 on Windows. The vulnerability stems from flawed handling of Calculate events where the software fails to validate the existence of an object before performing operations, enabling remote code execution in the context of the current process. User inte...
CVE-2018-17635
Foxit Reader (Windows) vulnerability CVE-2018-17635 affects version 9.2.0.9297 and earlier. The flaw is in XFA object handling (desc property): the code fails to validate an object before performing operations, enabling remote code execution via a malicious file or page. User interaction is requi...
CVE-2018-17640
The CVE-2018-17640 issue affects Foxit Reader 9.2.0.9297 and earlier, where a failure to validate the existence of an object before manipulating the Form count property leads to a use-after-free condition. This allows remote code execution if a user visits a malicious page or opens a malicious fi...
CVE-2018-17654
Foxit Reader on Windows (versions up to 9.2.0.9297) is affected by a vulnerability in the XFA Form Model insertInstance handling. The flaw is a use-after-free due to lack of validating object existence before operations, enabling remote code execution if a user opens a malicious file or visits a ...
CVE-2018-17661
CVE-2018-17661 affects Foxit Reader 9.2.0.9297 and earlier on Windows. The flaw is in the handling of the messageBox method of the Host object, stemming from not validating the existence of an object before performing operations, enabling remote code execution. Exploitation requires user interact...
CVE-2018-17665
Foxit Reader 9.2.0.9297 is affected by CVE-2018-17665. The vulnerability arises from improper handling of the currentPage property of a Host object, due to a missing validation of the object’s existence before performing operations. This can allow a remote attacker to execute arbitrary code in th...
CVE-2019-6735
CVE-2019-6735 affects Foxit Reader. A vulnerability in PDF file processing causes an out-of-bounds read due to lack of proper validation of user-supplied data, potentially disclosing sensitive information. Exploitation requires user interaction (visiting a malicious page or opening a malicious fi...
CVE-2020-13809
Foxit Reader and PhantomPDF prior to version 9.7.2 contain a resource management vulnerability where long strings in the content stream can cause resource exhaustion (DoS). Affected products are Foxit Reader and Foxit PhantomPDF. The underlying issue is triggered by overlong content stream string...