Lucene search
K

55 matches found

CVE
CVE
added 2018/10/08 4:0 p.m.83 views

CVE-2018-3942

CVE-2018-3942 is an exploitable use-after-free in Foxit PDF Reader’s JavaScript engine (Foxit Software) affecting version 9.1.0.5096. A specially crafted PDF can cause a previously freed object to be reused, enabling arbitrary code execution. The vulnerability requires the user to open the malici...

8.8CVSS8.3AI score0.03155EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.81 views

CVE-2018-3940

CVE-2018-3940 concerns Foxit PDF Reader’s JavaScript engine. The issue is a use-after-free vulnerability in Foxit PDF Reader 9.1.0.5096 that can be triggered by a specially crafted PDF, allowing memory reuse of a previously freed object. An attacker must entice the user to open the malicious file...

8.8CVSS7.9AI score0.02114EPSS
CVE
CVE
added 2018/10/03 3:0 p.m.81 views

CVE-2018-3993

CVE-2018-3993 is a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (Foxit PDF Reader v9.2.0.9297). A specially crafted PDF can reuse a freed object, enabling arbitrary code execution. The attack requires user interaction (opening a malicious PDF); if a browser plugin extensio...

8.8CVSS8.3AI score0.03155EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.79 views

CVE-2018-3962

Foxit PDF Reader (version 9.1.0.5096) is affected by a use-after-free in the JavaScript engine when accessing CreationDate on this.info. The vulnerability can be triggered when a user opens a malicious PDF file, and, if the browser plugin extension is enabled, by visiting a malicious site. The do...

8CVSS7.6AI score0.02497EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.78 views

CVE-2018-3944

CVE-2018-3944 is a use-after-free vulnerability in Foxit Software’s PDF Reader JavaScript engine (version 9.1.0.5096). A specially crafted PDF can trigger reuse of a freed object, leading to arbitrary code execution. Exploitation requires user interaction: the user must open the malicious PDF; if...

8.8CVSS8.2AI score0.02577EPSS
CVE
CVE
added 2018/10/03 3:0 p.m.77 views

CVE-2018-3965

CVE-2018-3965 is a use-after-free in Foxit PDF Reader’s JavaScript engine (Foxit PDF Reader 9.1.0.5096). A specially crafted PDF can trigger reuse of freed memory, allowing arbitrary code execution. Exploitation requires user action (open the malicious PDF); if a browser plugin is enabled, visiti...

8CVSS8.3AI score0.06043EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.75 views

CVE-2018-3961

CVE-2018-3961 is a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (version 9.1.0.5096). The flaw occurs when accessing the Creator property of the this.info object, enabling potentially arbitrary code execution. Exploitation vectors described in the connected Talos write-up ...

8CVSS7.9AI score0.02361EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.74 views

CVE-2018-3943

Foxit Reader/PhantomPDF CVE-2018-3943 is a use-after-free in Foxit’s PDF Reader JavaScript engine (Foxit Reader 9.1.0.5096). A crafted PDF can reuse a freed object, allowing arbitrary code execution. Exploitation requires user action (opening the malicious file); if a browser plugin extension is ...

8.8CVSS8.2AI score0.02577EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.71 views

CVE-2018-3957

Foxit PDF Reader 9.1.0.5096 contains a use-after-free in the JavaScript engine triggered by accessing the this.info Keywords property. An attacker can exploit this by convincing a user to open a malicious PDF file; if the browser plugin extension is enabled, visiting a malicious site may also tri...

8CVSS7.9AI score0.02895EPSS
CVE
CVE
added 2018/10/29 10:0 p.m.69 views

CVE-2018-17621

Foxit Reader 9.0.1.5096 is affected by CVE-2018-17621. The flaw affects the handling of Format events and stems from not validating the existence of an object before performing operations, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening...

8.8CVSS7.8AI score0.0358EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.69 views

CVE-2018-3941

CVE-2018-3941 describes a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine affecting version 9.1.0.5096. A specially crafted PDF can trigger reuse of a previously freed object in memory, enabling arbitrary code execution. Exploitation requires the user to open a malicious file...

8.8CVSS8.3AI score0.03155EPSS
CVE
CVE
added 2018/10/03 3:0 p.m.69 views

CVE-2018-3946

CVE-2018-3946 : A use-after-free in Foxit PDF Reader’s JavaScript engine (version 9.1.0.5096) allows arbitrary code execution. A specially crafted PDF can reuse a freed memory object, enabling exploitation. User interaction is required: the attacker must persuade the user to open a malicious PDF;...

8.8CVSS8.2AI score0.03155EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.68 views

CVE-2018-3960

CVE-2018-3960 is a use-after-free in Foxit PDF Reader’s JavaScript engine (version 9.1.0.5096). The vulnerability occurs when accessing the Producer property of the this.info object. Exploitation depends on social/drive-by user action: a user must open a specially crafted malicious PDF file, or, ...

8CVSS7.9AI score0.02361EPSS
CVE
CVE
added 2018/10/03 3:0 p.m.67 views

CVE-2018-3967

Foxit PDF Reader 9.1.0.5096 contains a use-after-free in the JavaScript engine. A specially crafted PDF can cause a previously freed object to be reused, enabling arbitrary code execution. Exploitation requires user action (opening the crafted file); if the browser plugin is enabled, visiting a m...

8CVSS8.3AI score0.06219EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.66 views

CVE-2018-3958

CVE-2018-3958 is a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (Foxit PDF Reader, version 9.1.0.5096). The defect occurs when accessing the Subject property of the this.info object. Exploitation requires user interaction: convincing a user to open a malicious PDF file, or...

8CVSS7.9AI score0.02895EPSS
CVE
CVE
added 2018/10/03 3:0 p.m.66 views

CVE-2018-3964

CVE-2018-3964 is a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (version 9.1.0.5096) that can be triggered by a specially crafted PDF. The vulnerability allows an attacker to cause arbitrary code execution by reusing freed memory when JavaScript objects are manipulated, wi...

8CVSS8.3AI score0.09482EPSS
CVE
CVE
added 2018/10/03 3:0 p.m.66 views

CVE-2018-3966

CVE-2018-3966 is a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (version 9.1.0.5096) that can be triggered by opening a specially crafted PDF or, if the browser plugin is enabled, by viewing the document in a web browser. The vulnerability allows arbitrary code execution d...

8CVSS8.3AI score0.06219EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.65 views

CVE-2018-3959

CVE-2018-3959 affects Foxit PDF Reader 9.1.0.5096. It is a use-after-free in the JavaScript engine triggered when accessing the this.info.Author property, exploitable by tricking a user into opening a malicious PDF or via a browser plugin. Cisco Talos describes it as enabling remote code executio...

8CVSS7.9AI score0.02361EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.64 views

CVE-2018-3945

Foxit PDF Reader (Windows) vulnerable to CVE-2018-3945 through a use-after-free in the JavaScript engine of Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF can trigger reuse of a previously freed object, enabling arbitrary code execution when a user opens the malicious file. Several ...

8.8CVSS8.3AI score0.03197EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.63 views

CVE-2018-3992

CVE-2018-3992 is a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (version 9.2.0.9297). A specially crafted PDF can reuse a freed memory object, leading to arbitrary code execution. Exploitation requires user action to open the malicious file; if the browser plugin extension...

8.8CVSS8.3AI score0.02848EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.63 views

CVE-2018-3997

The CVE-2018-3997 entry concerns Foxit PDF Reader. A use-after-free in the JavaScript engine of Foxit PDF Reader, version 9.2.0.9297, can be triggered by a specially crafted PDF, causing reuse of a previously freed object and arbitrary code execution. An attacker must entice the user to open the ...

8.8CVSS8.3AI score0.03039EPSS
CVE
CVE
added 2018/05/24 9:0 p.m.63 views

CVE-2018-5680

CVE-2018-5680 affects Foxit Reader prior to 9.1 and Foxit PhantomPDF prior to 9.1. The vulnerability arises in the processing of specially crafted PDF files that contain embedded u3d images, due to insufficient validation of user-supplied data which can cause a read past the end of an allocated o...

8.8CVSS8.6AI score0.03371EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.61 views

CVE-2018-16293

CVE-2018-16293 is a use-after-free vulnerability in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3. A specially crafted PDF can trigger a previously freed object to be reused, leading to arbitrary code execution. An attacker must entice a user to open the malicious PDF...

7.8CVSS7.8AI score0.02663EPSS
CVE
CVE
added 2018/10/29 10:0 p.m.61 views

CVE-2018-17623

CVE-2018-17623 affects Foxit Reader 9.0.1.5096 and variants where the flaw is in the handling of Link objects. The root cause is the lack of validating an object’s existence before performing operations, enabling remote code execution in the context of the current process when a user visits a mal...

8.8CVSS8.8AI score0.03279EPSS
CVE
CVE
added 2018/10/29 10:0 p.m.59 views

CVE-2018-17622

CVE-2018-17622 affects Foxit Reader 9.1.0.5096 (Windows). The issue is a buffer over-read in handling Calculate events caused by improper validation of user-supplied data, allowing remote attackers to disclose sensitive information and potentially execute code in the context of the current proces...

6.5CVSS6.6AI score0.03EPSS
CVE
CVE
added 2018/10/29 10:0 p.m.59 views

CVE-2018-17624

Foxit Reader (v9.1.0.5096) contains a remote code execution vulnerability in the handling of OCG objects due to a lack of validating the existence of an object before performing operations. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). An attacker...

8.8CVSS7.8AI score0.03279EPSS
CVE
CVE
added 2018/05/24 9:0 p.m.59 views

CVE-2018-5678

Foxit Reader/PhantomPDF before 9.1 are affected by CVE-2018-5678 due to a flaw in processing PDFs with embedded u3d images, causing a heap-based buffer overflow. An attacker can exploit this via a malicious PDF to execute arbitrary code in the current process; user interaction is required (visiti...

8.8CVSS8.8AI score0.04056EPSS
CVE
CVE
added 2018/05/24 9:0 p.m.58 views

CVE-2018-5674

Foxit Reader/PhantomPDF before 9.1 are vulnerable to CVE-2018-5674 due to improper handling of PDF files with embedded u3d images. The flaw triggers a heap-based buffer overflow when parsing specially crafted PDFs, allowing remote code execution in the context of the current process. Exploitation...

8.8CVSS8.8AI score0.04056EPSS
CVE
CVE
added 2018/10/29 10:0 p.m.57 views

CVE-2018-17615

Foxit Reader for Windows vulnerability CVE-2018-17615 affects Foxit Reader 9.0.1.5096. The flaw lies in Mouse Exit event handling and stems from not validating the existence of an object before performing operations, enabling remote code execution. Exploitation requires user interaction (visiting...

8.8CVSS7.8AI score0.03279EPSS
CVE
CVE
added 2018/10/03 3:0 p.m.57 views

CVE-2018-3994

CVE-2018-3994 affects Foxit PDF Reader 9.2.0.9297, where a use-after-free in the JavaScript engine can be triggered by a specially crafted PDF document. This may allow arbitrary code execution when a user opens the malicious file; the browser plugin extension context could also trigger the vulner...

8.8CVSS8.3AI score0.03155EPSS
CVE
CVE
added 2018/09/28 9:0 a.m.56 views

CVE-2018-17608

Foxit PhantomPDF and Foxit Reader prior to version 9.3 are affected by CVE-2018-17608, where mishandling of Annotation object properties can enable a remote attacker to execute arbitrary code or cause a denial of service (use-after-free). Impact is described as high/critical across CERT/NVD data:...

9.8CVSS9.3AI score0.03176EPSS
CVE
CVE
added 2018/09/28 9:0 a.m.56 views

CVE-2018-17610

Foxit PhantomPDF and Foxit Reader are affected by CVE-2018-17610, with the vulnerability exploitable in versions before 9.3. The issue arises from how properties of Annotation objects are mishandled, enabling remote attackers to execute arbitrary code or cause a denial of service (use-after-free)...

9.8CVSS9.3AI score0.03176EPSS
CVE
CVE
added 2018/05/24 9:0 p.m.56 views

CVE-2018-5679

CVE-2018-5679 affects Foxit Reader and Foxit PhantomPDF prior to 9.1. The flaw is in processing of PDF files with embedded u3d images due to insufficient validation, causing a read past end of an allocated object and enabling arbitrary code execution in the current process. The issue is exploitab...

8.8CVSS8.6AI score0.04056EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.55 views

CVE-2018-16291

CVE-2018-16291 affects Foxit Reader and Foxit PhantomPDF prior to version 9.3, where a use-after-free in the JavaScript engine can be triggered by a specially crafted PDF to execute arbitrary code. The vulnerability can be exploited when a user opens a malicious PDF file; if the browser plugin is...

7.8CVSS7.8AI score0.02663EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.55 views

CVE-2018-16292

Summary of CVE-2018-16292 (Foxit Reader/PhantomPDF) : A use-after-free vulnerability in the JavaScript engine of Foxit Reader (before 9.3) and PhantomPDF (before 9.3) can be triggered by a specially crafted PDF to reuse a previously freed object, enabling arbitrary code execution. An attacker mus...

7.8CVSS7.8AI score0.02663EPSS
CVE
CVE
added 2018/09/28 9:0 a.m.55 views

CVE-2018-17609

Foxit PhantomPDF and Foxit Reader prior to 9.3 are affected by CVE-2018-17609. The issue stems from mishandling properties of Annotation objects, enabling a use-after-free vulnerability that can lead to remote code execution or denial of service. Reported with CVSS v3.0 base score 9.8 (CRITICAL) ...

9.8CVSS9.3AI score0.03176EPSS
CVE
CVE
added 2018/10/29 10:0 p.m.55 views

CVE-2018-17616

CVE-2018-17616 affects Foxit Reader 9.0.1.5096 for Windows. The vulnerability arises in the handling of onBlur events where the code fails to validate the existence of an object before operating on it, enabling remote code execution when a user opens a malicious file or visits a malicious page. T...

8.8CVSS7.8AI score0.03814EPSS
CVE
CVE
added 2018/10/29 10:0 p.m.55 views

CVE-2018-17619

Foxit Reader CVE-2018-17619 affects Foxit Reader 9.0.1.5096 on Windows. The flaw is in the handling of Validate events where the code fails to verify the existence of an object before performing operations, enabling remote code execution. Exploitation requires user interaction (visiting a malicio...

8.8CVSS7.8AI score0.03814EPSS
CVE
CVE
added 2018/09/29 5:0 p.m.55 views

CVE-2018-17781

Foxit PhantomPDF and Foxit Reader are affected: versions before 9.3 are vulnerable to an Uninitialized Object Information Disclosure caused by mishandling ArrayBuffer and DataView object creation. This allows remote attackers to obtain information without user interaction. No remediation details ...

7.5CVSS7.8AI score0.02442EPSS
CVE
CVE
added 2018/10/03 3:0 p.m.55 views

CVE-2018-3995

CVE-2018-3995 affects Foxit PDF Reader (JS engine); a vulnerability in the JavaScript engine of Foxit PDF Reader 9.2.0.9297 allows a crafted PDF to trigger a previously freed object, enabling arbitrary code execution. The impact is contingent on successfully triggering the freed object reuse. Att...

8.8CVSS8.3AI score0.02577EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.55 views

CVE-2018-3996

CVE-2018-3996 concerns Foxit PDF Reader’s JavaScript engine. The vulnerability is a use-after-free in version 9.2.0.9297 that can be triggered by a crafted PDF document, allowing arbitrary code execution by reusing a freed object. An attacker must entice the user to open the malicious file; if a ...

8.8CVSS8.3AI score0.03155EPSS
CVE
CVE
added 2018/05/24 9:0 p.m.55 views

CVE-2018-5677

Foxit Reader/PhantomPDF prior to 9.1 are affected by CVE-2018-5677 due to improper validation when processing PDF files containing embedded u3d images, enabling remote code execution. Exploitation requires user to open a malicious file/page. The issue is fixed in 9.1 or later. Newer products are ...

8.8CVSS8.6AI score0.04056EPSS
CVE
CVE
added 2018/05/24 9:0 p.m.55 views

CVE-2018-7406

CVE-2018-7406 affects Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1. The issue is in the PDF u3d image handling, due to insufficient validation of user-supplied data, causing an array-indexing issue that can lead to remote code execution. Exploitation requires user interaction (visiting...

8.8CVSS8.7AI score0.04008EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.54 views

CVE-2018-16297

CVE-2018-16297 is a use-after-free in Foxit Reader/PhantomPDF’s JavaScript engine prior to 9.3. A specially crafted PDF can trigger object reuse for arbitrary code execution; user must open the file (or, with a browser plugin, visiting a malicious site could trigger it). Affected products: Foxit ...

7.8CVSS7.8AI score0.02663EPSS
CVE
CVE
added 2018/09/28 9:0 a.m.53 views

CVE-2018-17611

CVE-2018-17611 affects Foxit PhantomPDF and Foxit Reader prior to 9.3. The issue is a use-after-free related to mishandling properties of Annotation objects, with remote code execution or denial of service as described by NVD. The provided connected documents corroborate the affected products and...

9.8CVSS9.3AI score0.03176EPSS
CVE
CVE
added 2018/05/24 9:0 p.m.53 views

CVE-2018-7407

CVE-2018-7407 affects Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1. The issue is a type confusion caused by insufficient validation while rendering U3D images in PDFs , allowing remote code execution. An attacker must entice the user to open a malicious page or file (user interaction r...

8.8CVSS8.7AI score0.04008EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.52 views

CVE-2018-16295

Summary (CVE-2018-16295): A use-after-free in Foxit Reader/PhantomPDF JavaScript engine (versions before 9.3) can be triggered by a specially crafted PDF, leading to arbitrary code execution. The attacker must persuade the user to open the malicious PDF; if a browser plugin is enabled, visiting a...

7.8CVSS7.8AI score0.02663EPSS
CVE
CVE
added 2018/10/29 10:0 p.m.52 views

CVE-2018-17620

CVE-2018-17620 affects Foxit Reader 9.0.1.5096 on Windows. The vulnerability stems from flawed handling of Calculate events where the software fails to validate the existence of an object before performing operations, enabling remote code execution in the context of the current process. User inte...

8.8CVSS7.8AI score0.03814EPSS
CVE
CVE
added 2018/09/28 9:0 a.m.51 views

CVE-2018-17607

CVE-2018-17607 affects Foxit PhantomPDF and Foxit Reader prior to version 9.3. The vulnerability is a use-after-free caused by mishandling the properties of Annotation objects, affecting up to five distinct Annotation types. It enables remote code execution or denial of service when exploited. CV...

9.8CVSS9.3AI score0.03176EPSS
CVE
CVE
added 2018/10/29 10:0 p.m.51 views

CVE-2018-17617

CVE-2018-17617 affects Foxit Reader for Windows (including versions around 9.0.x and 9.2.x) via onFocus handling. The flaw is a memory/object existence check issue on focus events, enabling remote code execution when a user opens a malicious file or page. Connected sources corroborate the onFocus...

8.8CVSS7.8AI score0.03814EPSS
Total number of security vulnerabilities55