CVE-2018-17685
Foxit Reader 9.2.0.9297 is affected by CVE-2018-17685 due to a type confusion in PDF handling. The issue allows remote code execution when a user opens a malicious file or visits a malicious page, and requires user interaction. The vulnerability is confirmed across multiple sources (e.g., ZDI-18-...
CVE-2018-17686
CVE-2018-17686 affects Foxit Reader (Windows) with a BMP image processing flaw. The connected advisories describe an out-of-bounds read in the BMP handling that can disclose sensitive information, requiring user interaction (e.g., visiting a malicious page or opening a malicious file). The vulner...
CVE-2018-17632
Foxit Reader 9.2.0.9297 is affected by CVE-2018-17632. The flaw lies in the resolveNode handling, where lack of validation of an object before operations leads to a use-after-free condition, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or openi...
CVE-2018-17645
The CVE-2018-17645 entry concerns Foxit Reader 9.2.0.9297 on Windows, where the vAlign handling of TimeField crashes when an object's existence is not validated. This results in remote code execution in the context of the current process, with user interaction required (visiting a malicious page or...
CVE-2018-17653
The CVE-2018-17653 entry concerns Foxit Reader 9.2.0.9297 (and earlier) where the flaw is in the TimeField.resolveNode handling; the code fails to verify the existence of an object before performing operations, enabling remote code execution in the current process. Exploitation requires user inte...
CVE-2019-20817
Foxit Reader and Foxit PhantomPDF before version 9.7 are affected by a NULL pointer dereference in the code paths described across multiple sources; upgrading to 9.7 or later is the stated mitigation. The connected ...
CVE-2020-13803
CVE-2020-13803 affects Foxit PhantomPDF Mac and Foxit Reader for Mac. The issue allows signature validation to be bypassed on macOS when processing specially crafted or non-standard-signed files. Reported across Foxit PhantomPDF Mac versions up to 3.4.x and Fo...
CVE-2018-17644
Foxit Reader (Windows) versions up to 9.2.0.9297 are affected by CVE-2018-17644. The flaw is in the TimeField addItem handling, arising from not validating the existence of an object before operating on it, which can lead to remote code execution in the context of the current process. Exploitatio...
CVE-2020-13810
The CVE-2020-13810 issue affects Foxit Reader and PhantomPDF prior to version 9.7.2. It allows signature checks to be bypassed when opening a modified file or a file with non-standard signatures. The root cause involves the signature verification process, though...