259 matches found
CVE-2018-17654
Foxit Reader on Windows (versions up to 9.2.0.9297) is affected by a vulnerability in the XFA Form Model insertInstance handling. The flaw is a use-after-free due to lack of validating object existence before operations, enabling remote code execution if a user opens a malicious file or visits a ...
CVE-2018-17665
Foxit Reader 9.2.0.9297 is affected by CVE-2018-17665. The vulnerability arises from improper handling of the currentPage property of a Host object, due to a missing validation of the object’s existence before performing operations. This can allow a remote attacker to execute arbitrary code in th...
CVE-2018-17690
The CVE-2018-17690 vulnerability affects Foxit PhantomPDF (Windows) 9.2.0.9297 and earlier, where the rect property handling of a Link object can lead to remote code execution. The flaw stems from not validating the existence of an object before performing operations, enabling an attacker to exec...
CVE-2018-17693
This CVE concerns Foxit PhantomPDF 9.2.0.9297 and earlier on Windows, where the HTML to PDF conversion path can trigger an out-of-bounds read due to improper validation of user-supplied HTML data. The vulnerability allows remote code execution in the context of the current process and requires us...
CVE-2018-21236
CVE-2018-21236 affects Foxit Reader prior to 2.4.4 and is described as a NULL pointer dereference. The connected records corroborate the issue but do not provide a remediation or exploitation details beyond the basic description. CVSS data indicate a high impact on availability (with network atta...
CVE-2018-17627
Foxit Reader/PhantomPDF for Windows (Foxit Reader 9.2.0.9297 and earlier) contains a vulnerability in the XFA mouseUp handling that can trigger a use-after-free, allowing remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). Affecte...
CVE-2018-17630
Foxit Reader openPlayer Use-After-Free Remote Code Execution (CVE-2018-17630) affects Foxit Reader and related components. The root cause is failure to validate the existence of an object before performing operations in the openPlayer method, enabling an attacker to execute code in the process co...
CVE-2018-17634
CVE-2018-17634 affects Foxit Reader 9.2.0.9297 and earlier; the vulnerability is a use-after-free in the attachIcon handling of Annotation objects, caused by not validating the existence of an object before operations. Remote code execution is possible with user interaction (visit a malicious pag...
CVE-2018-17637
Foxit Reader (Windows) vulnerable: Foxit Reader 9.2.0.9297 and earlier exposes a flaw in loadXML handling within the XFA object, where the code fails to validate the existence of an object before performing operations. This results in a use-after-free/memory misreference type condition that can a...
CVE-2018-17655
CVE-2018-17655 affects Foxit Reader (Windows) 9.2.0.9297 and earlier, with multiple sources confirming a moveInstance handling flaw in Form objects. The root cause is the failure to validate object existence before performing operations, enabling remote code execution. Attack requires user intera...
CVE-2018-17660
CVE-2018-17660 affects Foxit Reader 9.2.0.9297 on Windows. The flaw resides in the resetData method of a Host object, failing to validate the existence of an object before performing operations, which can allow an attacker to execute arbitrary code in the current process. The vulnerability requir...
CVE-2018-17670
CVE-2018-17670 affects Foxit Reader up to version 9.2.0.9297 where the XFA object content handling allows remote code execution. The vulnerability arises from failing to validate the existence of an object before performing operations on it, enabling an attacker to execute code in the current pro...
CVE-2018-17697
Foxit Reader 9.2.0.9297 and earlier are affected by a templates handling vulnerability where code executes due to a missing object existence check, enabling remote code execution after user opens a malicious page/file. Exploitation requires user interaction; advisory ZDI-18-1215 describes a use-a...
CVE-2018-17699
The CVE-2018-17699 issue affects Foxit Reader 9.2.0.9297 and earlier on Windows, where the PDF processing path fails to validate user-supplied data, causing an out-of-bounds read (read past the end of an allocated buffer). This enables remote information disclosure and, when combined with other v...
CVE-2019-20819
CVE-2019-20819 affects Foxit Reader and PhantomPDF versions before 9.7. The vulnerability arises from nested function calls during XML parsing, causing stack exhaustion and potentially crashing the application. Remediation: upgrade to Foxit Reader/PhantomPDF 9.7 or newer. Other sources reiterate ...
CVE-2018-17607
CVE-2018-17607 affects Foxit PhantomPDF and Foxit Reader prior to version 9.3. The vulnerability is a use-after-free caused by mishandling the properties of Annotation objects, affecting up to five distinct Annotation types. It enables remote code execution or denial of service when exploited. CV...
CVE-2018-17641
Foxit Reader (Windows) 9.2.0.9297 and earlier is affected by CVE-2018-17641 due to a use-after-free in TimeField.deleteItem, caused by not validating object existence. This allows remote code execution with user interaction (visiting a malicious page or opening a malformed file). Some sources als...
CVE-2018-17646
Foxit Reader 9.2.0.9297 on Windows is affected by CVE-2018-17646. The vulnerability arises in the TimeField fillColor handling, due to a lack of validating the existence of an object before performing operations. This can allow remote attackers to execute arbitrary code in the context of the curr...
CVE-2018-17648
Foxit Reader (Windows) vulnerability CVE-2018-17648 affects Foxit Reader 9.2.0.9297 and enables remote code execution via the TimeField rotate property after an object existence check fails. Attack requires user interaction (visit a malicious page or open a malicious file). Connected sources (e.g...
CVE-2018-17677
Foxit Reader 9.2.0.9297 is affected by CVE-2018-17677 due to a flaw in the mailDoc handling of the app object. The vulnerability stems from not validating the existence of an object before performing operations, leading to use-after-free and remote code execution. Exploitation requires user inter...
CVE-2018-17702
This entry details a Windows vulnerability in Foxit Reader 9.2.0.9297 (and earlier) where the RichValue handling of button objects allows remote code execution. The flaw arises from not validating the existence of an object before performing operations on it, enabling an attacker to execute code ...
CVE-2018-17705
CVE-2018-17705 affects Foxit Reader 9.2.0.9297 and earlier. The vulnerability arises from the handling of the display property of CheckBox objects, due to not validating the existence of an object before performing operations, enabling remote code execution via a malicious page or file with user ...
CVE-2019-20820
CVE-2019-20820 affects Foxit Reader and Foxit PhantomPDF prior to version 9.7. The issue is a NULL pointer dereference during parsing of file data, which can lead to a crash/denial of service as described across multiple sources. Affected component: PDF file data parsing within Foxit’s reader/pdf...
CVE-2019-20829
Foxit Reader and PhantomPDF are affected by CVE-2019-20829 due to a NULL pointer dereference in FXSYS_wcslen while processing EPUB files, impacting versions before 9.6. This can cause the application to crash. Remediation: upgrade to Foxit 9.6 or later (as indicated by multiple connected sources).
CVE-2020-13805
The CVE-2020-13805 entry concerns Foxit Reader and PhantomPDF prior to 9.7.2 where the CAS login service does not limit login failures, enabling brute-force attack attempts. Concrete details across connected sources confirm the affected products (Foxit Reader/PhantomPDF) and the root cause (unlim...
CVE-2020-13808
CVE-2020-13808 affects Foxit Reader and PhantomPDF prior to 9.7.2. The issue enables resource consumption via crafted cross-reference stream data, described as a resource management vulnerability that can lead to denial of service. The public documents do not provide exploitation details or concr...
CVE-2016-8856
Foxit Reader for Mac (2.1.0.0804 and earlier) and Foxit Reader for Linux (2.1.0.0805 and earlier) are affected by a vulnerability in which default global write permissions on core files after installation allow an attacker to overwrite them with backdoor code. This can lead to arbitrary code exec...
CVE-2018-17618
Foxit Reader 9.0.1.5096 is affected by a selection-change handling vulnerability that allows remote code execution. The flaw arises from not validating the existence of an object before performing operations on it, enabling an attacker to execute code in the current process when a user visits a m...
CVE-2018-17643
CVE-2018-17643 affects Foxit Reader 9.2.0.9297 on Windows. The vulnerability stems from the TimeField editValue handling, caused by not validating the existence of an object before performing operations, effectively a use-after-free scenario. This allows remote code execution in the context of th...
CVE-2018-17649
CVE-2018-17649 affects Foxit Reader 9.2.0.9297 and earlier. The vulnerability arises from handling of the TimeField setAttribute method, due to lack of validating the existence of an object before performing operations. This can allow remote code execution in the context of the current process wh...
CVE-2018-17657
CVE-2018-17657 affects Foxit Reader 9.2.0.9297 (and related Foxit products per CNVD/CVEs) where the gotoURL host object does not validate the existence of an object before performing operations. This use-after-free style flaw enables remote code execution with the current process context when a u...
CVE-2018-17659
CVE-2018-17659 affects Foxit Reader 9.2.0.9297 (and earlier Windows versions per CNVD entry). The flaw is in the Host object’s title handling, caused by failure to validate the existence of an object before performing operations, enabling remote code execution. Exploitation requires user interact...
CVE-2018-17667
CVE-2018-17667 affects Foxit Reader 9.2.0.9297 on Windows. The flaw is in the Host object’s print method where an object’s existence isn’t validated before operations, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). M...
CVE-2018-17673
CVE-2018-17673 affects Foxit Reader 9.2.0.9297 and earlier on Windows. The flaw is in the handling of the Annotation object's subtype property, caused by not validating the existence of an object before operations, enabling remote code execution. User interaction is required (malicious page or fi...
CVE-2018-17674
Foxit Reader 9.2.0.9297 (and older) is affected by CVE-2018-17674. The issue is a memory misreference/use-after-free in the handling of the name property of Annotation objects, arising from not validating the existence of an object before operations. Exploitation requires user interaction (target...
CVE-2018-17678
Foxit Reader 9.2.0.9297 is affected by a remote code execution vulnerability in the gotoNamedDest handling of the app object. The flaw arises from not validating the existence of an object before performing operations, enabling code execution in the context of the current process when a user open...
CVE-2018-17681
Foxit Reader (Windows) vulnerability CVE-2018-17681 affects version 9.2.0.9297 and earlier, due to a getPageBox handling flaw in a Form where code assumes an object exists and proceeds without validation. This allows remote code execution with user interaction (targets must open a malicious page ...
CVE-2018-5675
CVE-2018-5675 affects Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1. The flaw occurs in the processing of PDF files with embedded u3d images, where crafted data can trigger an out-of-bounds write in a buffer, allowing remote code execution under the current process. An attacker must ent...
CVE-2018-5676
Foxit PhantomPDF/Reader vuln CVE-2018-5676: affected if app is before 9.1; parsing of PDF with embedded u3d images can overflow a heap-based buffer, enabling arbitrary code execution. Requires user interaction (open malicious PDF/page or visit malicious page). Impact described as code execution u...
CVE-2018-17639
The CVE-2018-17639 issue affects Foxit Reader 9.2.0.9297 and earlier, allowing remote code execution when a user visits a malicious page or opens a malicious file. The root cause is a failure to validate the existence of an object before performing operations in the setElement method, enabling co...
CVE-2018-17650
CVE-2018-17650 affects Foxit Reader for Windows (version 9.2.0.9297 and earlier per CNVD/NVD references). The vulnerability stems from the TimeField.resolveNodes path where the code fails to validate the existence of an object before performing operations, enabling an attacker to execute arbitrar...
CVE-2018-17666
CVE-2018-17666 affects Foxit Reader 9.2.0.9297 and earlier for Windows, with a flaw in the exportData host object handling that fails to validate object existence, enabling remote code execution via a malicious page or file and requiring user interaction. The root cause is a lack of existence val...
CVE-2018-17672
Foxit Reader
CVE-2018-17676
Foxit Reader 9.2.0.9297 is vulnerable to a remote code execution flaw in the removeField handling of an app object. The issue arises from not validating the existence of an object before performing operations, effectively enabling an attacker to execute code in the context of the current process....
CVE-2018-17684
Foxit Reader (Windows) is vulnerable to remote code execution in version 9.2.0.9297 and earlier due to an isPropertySpecified handling flaw that lacks object-existence validation. Exploitation requires user interaction (malicious page/file). Impact is execution in the current process context; advisor...
CVE-2018-16294
An exploitable use-after-free in Foxit Reader before 9.3 and PhantomPDF before 9.3 within the JavaScript engine. A specially crafted PDF can trigger reuse of a previously freed object, enabling arbitrary code execution. User interaction is required (opening the malicious PDF); if the browser plug...
CVE-2018-16296
Technical details about CVE-2018-16296 are not present in the provided connected documents. The supplied sources do not specify affected products/versions, impact, or remediation. Monitor for updates from official sources.
CVE-2020-13806
CVE-2020-13806 affects Foxit Reader and PhantomPDF prior to version 9.7.2. The issue is a use-after-free caused by JavaScript execution after a deletion or close operation, leading to a potential denial of service. The public material specifies the vulnerable components as Foxit Reader/PhantomPDF...
CVE-2018-17636
CVE-2018-17636 affects Foxit Reader 9.2.0.9297 for Windows, with a vulnerability in the handling of the id property of an aliasNode that can lead to remote code execution. The issue arises from not validating the existence of an object before performing operations on it, allowing an attacker to r...
CVE-2018-17656
Foxit Reader (Windows) 9.2.0.9297 and Foxit PhantomPDF 9.2.0.9297 and earlier are affected by a vulnerability in the TimeField getDisplayItem handling that can allow remote code execution. The issue stems from not validating the existence of an object before performing operations, enabling an att...