259 matches found
CVE-2020-13803
CVE-2020-13803 affects Foxit PhantomPDF Mac and Foxit Reader for Mac. The issue allows bypass of signature validation when processing specially crafted or non-standard-signed files, enabling a signature verification bypass on macOS. Reported across Foxit PhantomPDF Mac versions up to 3.4.x and Fo...
CVE-2020-13806
CVE-2020-13806 affects Foxit Reader and PhantomPDF prior to version 9.7.2. The issue is a use-after-free caused by JavaScript execution after a deletion or close operation, leading to a potential denial of service. The public material specifies the vulnerable components as Foxit Reader/PhantomPDF...
CVE-2018-17632
Foxit Reader 9.2.0.9297 is affected by CVE-2018-17632. The flaw lies in the resolveNode handling, where lack of validation of an object before operations leads to a use-after-free condition, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or openi...
CVE-2018-17636
CVE-2018-17636 affects Foxit Reader 9.2.0.9297 for Windows, with a vulnerability in the handling of the id property of an aliasNode that can lead to remote code execution. The issue arises from not validating the existence of an object before performing operations on it, allowing an attacker to r...
CVE-2018-17656
Foxit Reader (Windows) 9.2.0.9297 and Foxit PhantomPDF 9.2.0.9297 and earlier are affected by a vulnerability in the TimeField getDisplayItem handling that can allow remote code execution. The issue stems from not validating the existence of an object before performing operations, enabling an att...
CVE-2018-17686
CVE-2018-17686 affects Foxit Reader (Windows) with a BMP image processing flaw. The connected advisories describe an out-of-bounds read in the BMP handling that can disclose sensitive information, requiring user interaction (e.g., visiting a malicious page or opening a malicious file). The vulner...
CVE-2018-17653
The CVE-2018-17653 entry concerns Foxit Reader 9.2.0.9297 (and earlier) where the flaw is in the TimeField.resolveNode handling; the code fails to verify the existence of an object before performing operations, enabling remote code execution in the current process. Exploitation requires user inte...
CVE-2020-13810
The CVE-2020-13810 issue affects Foxit Reader and PhantomPDF prior to version 9.7.2. It allows a signature validation bypass when opening a modified file or a file with non-standard signatures, enabling bypass of signature checks. The root cause involves the signature verification process, though...
CVE-2018-17644
Foxit Reader (Windows) versions up to 9.2.0.9297 are affected by CVE-2018-17644. The flaw is in the TimeField addItem handling, arising from not validating the existence of an object before operating on it, which can lead to remote code execution in the context of the current process. Exploitatio...