109 matches found
CVE-2019-17183
CVE-2019-17183 affects Foxit Reader prior to 9.7, enabling an access violation and crash when the system has insufficient memory. Public sources in the connected set confirm affected product/version and the crash behavior; remediation is to update to Foxit Reader 9.7 or newer. The connected docum...
CVE-2019-13320
Foxit Reader 9.5.0.20723 is affected by a vulnerability in AcroForms where the code fails to verify object existence before operations, enabling remote code execution via malicious page/file with user interaction. Multiple connected sources (ZDI-19-637, CNVD-2019-22460, RH-CVE-2019-13320, NVD/NVD...
CVE-2019-13319
Foxit Reader 9.5.0.20723 (and earlier) is affected by CVE-2019-13319 due to an XFA form processing flaw where the code fails to validate object existence before operations, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious fil...
CVE-2019-13318
CVE-2019-13318 affects Foxit Reader 9.5.0.20723. The issue stems from the processing of the util.printf JavaScript method: the application mishandles the %p format parameter, allowing disclosure of heap addresses to the script. This information disclosure can be leveraged in conjunction with othe...
CVE-2019-13316
Foxit PhantomPDF 9.5.0.20723 is affected by CVE-2019-13316. The flaw lies in the handling of Calculate actions where the code fails to validate the existence of an object before performing operations, enabling remote code execution in the context of the current process. Exploitation requires user...
CVE-2019-6776
Foxit PhantomPDF 9.5.0.20723 and earlier are affected by a removeField/AcroForms watermark handling flaw. The vulnerability stems from not validating the existence of an object before performing operations, enabling remote code execution when a user opens a malicious page or file. Multiple connec...
CVE-2019-13317
The CVE-2019-13317 entry concerns Foxit PhantomPDF. Affects PhantomPDF 9.5.0.20723 and earlier, with the root cause in the Calculate actions handling: the code performs operations on an object without first validating its existence. This leads to remote code execution in the context of the curren...
CVE-2019-13315
Foxit Reader (9.5.0.20723) is affected by CVE-2019-13315 due to a flaw in removeField where code executes without validating the target object’s existence. This leads to remote arbitrary code execution when a user opens a malicious file or visits a crafted page, with user interaction required. Th...
CVE-2019-6774
CVE-2019-6774 affects Foxit Reader 9.4.1.16828. The flaw is in deleteItemAt when processing AcroForms, caused by not validating the existence of an object before performing operations. This can allow remote code execution in the context of the current process with user interaction required (visit...
CVE-2019-6775
Foxit Reader (9.5.0.20723) is affected by CVE-2019-6775. The vulnerability resides in the AcroForm exportValues path, caused by failing to verify the existence of an object before performing operations on it, enabling remote code execution in the current process. Exploitation requires user intera...
CVE-2019-13331
CVE-2019-13331 affects Foxit Reader 9.5.0.20723. The flaw lies in JPG file parsing due to insufficient validation, allowing remote code execution with user interaction (target must visit a malicious page or open a malicious file). The issue is described across multiple sources (NVD/Red Hat PRION/...
CVE-2019-13332
Foxit Reader 9.6.0.25114 is affected by a vulnerability in XFA form template processing. The issue arises from not validating the existence of an object before performing operations on it, leading to a use-after-free condition that can enable remote code execution. Exploitation requires user inte...
CVE-2019-13326
CVE-2019-13326 affects Foxit Reader 9.5.0.20723. The vulnerability stems from processing AcroForm fields without validating object existence, enabling remote code execution when a user opens a malicious file or page. Exploitation requires user interaction. A fix is available via updating Foxit Re...
CVE-2019-13328
CVE-2019-13328 is a Foxit Reader vulnerability affecting the AcroForm handling. The flaw is caused by not validating the existence of an object before performing operations on it within Acroform fields, enabling remote code execution when a user visits a malicious page or opens a crafted file. Af...
CVE-2019-13329
Foxit Reader is affected by CVE-2019-13329. The vulnerability arises in the processing of TIF files due to incomplete validation of user-supplied data, causing a type confusion condition. It can allow remote attackers to execute arbitrary code in the context of the current process, with user inte...
CVE-2019-13327
CVE-2019-13327 affects Foxit Reader 9.5.0.20723. The issue is a use-after-free-like flaw in AcroForm field processing, arising from failing to validate the existence of an object before operations, enabling arbitrary code execution in the current process when a user opens a malicious file/page. E...
CVE-2019-13330
Foxit Reader CVE-2019-13330 affects Foxit Reader 9.5.0.20723. The flaw is in JPG file processing, caused by a lack of validation that leads to a type confusion and remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). Connected advi...
CVE-2019-5031
CVE-2019-5031 affects Foxit PDF Reader, version 9.4.1.16828. The vulnerability is a memory corruption in the V8/JavaScript engine that can be triggered by a specially crafted PDF, causing an out-of-memory condition and arbitrary code execution. Exploitation requires the user to open the malicious...
CVE-2018-3956
CVE-2018-3956 is an out-of-bounds read/write vulnerability in Foxit Software’s PDF Reader/PhantomPDF related to handling of XFA element attributes. Affected products include Foxit Reader and Foxit PhantomPDF prior to version 9.4, with a specific reference to Foxit PDF Reader 9.1.0.5096. The vulne...
CVE-2019-6734
This CVE (CVE-2019-6734) concerns Foxit PhantomPDF/Reader components vulnerable via the JavaScript setInterval handling, leading to a use-after-free condition that can disclose memory content. Affected products are Foxit PhantomPDF (and Foxit Reader per CNVD/PRION references) with unspecified exa...
CVE-2018-17691
CVE-2018-17691 affects Foxit PhantomPDF (9.2.0.9297 and likely earlier); the issue arises in the HTML-to-PDF conversion when the software fails to validate an object’s existence before performing operations. This use-after-free style flaw enables remote code execution with the attacker hosting a ...
CVE-2019-6733
CVE-2019-6733 affects Foxit PhantomPDF (PDF handling). The issue is an out-of-bounds read from improper validation of user-supplied data in PDF processing, which can disclose sensitive information. It is exploitable via remote interaction when a user opens a malicious page/file, and an attacker m...
CVE-2018-17662
CVE-2018-17662 affects Foxit Reader 9.2.0.9297 on Windows. The flaw is a perform-operation-on-an-object-after-not-validating-its-existence in the Host.beep method, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The i...
CVE-2018-17658
CVE-2018-17658 affects Foxit Reader 9.2.0.9297 and earlier, where the vulnerability stems from improper handling of the host object’s respose property and a lack of validating object existence before operations. This allows remote code execution in the context of the current process and requires ...
CVE-2018-17701
CVE-2018-17701 affects Foxit PhantomPDF (9.2.0.9297 and earlier per CNVD) on Windows. The flaw is an out-of-bounds/read past end in the JSON handling due to insufficient input validation, enabling arbitrary code execution in the context of the target process. Exploitation requires user interactio...
CVE-2018-17629
Foxit Reader 9.1.0.5096 is affected by a template-objects handling vulnerability that allows remote code execution. The root cause is failure to validate the existence of an object before performing operations on it, enabling an attacker to run code in the current process. Exploitation requires u...
CVE-2018-17642
Foxit Reader (v9.2.0.9297 and earlier) is affected by a TimeField colSpan handling flaw that can allow remote code execution. The issue stems from not validating the existence of an object before performing operations, enabling an attacker to run code in the context of the current process. Exploi...
CVE-2018-17675
CVE-2018-17675 concerns Foxit Reader. The vulnerability exists in the handling of the removeDataObject method of a document and stems from not validating the existence of an object before performing operations. It enables remote code execution in the context of the current process on vulnerable F...
CVE-2018-17688
CVE-2018-17688 affects Foxit PhantomPDF/Reader on Windows; a memory misreference in the ComboBox setItems handling leads to a use-after-free condition, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). Targets include P...
CVE-2018-17703
Foxit Reader (Windows) is affected, including version 9.2.0.9297 and earlier, with vulnerabilities tied to the handling of the defaultValue property of ComboBox objects. The underlying flaw is a failure to validate the existence of an object before performing operations, resulting in a use-after-...
CVE-2019-6729
CVE-2019-6729 is a remote-code-execution vulnerability in Foxit Reader and Foxit PhantomPDF for Windows caused by an out-of-bounds read during PDF processing due to improper validation of input data (read past end of allocated buffer). It requires user interaction (malicious page or file). Affect...
CVE-2018-17669
CVE-2018-17669 affects Foxit Reader 9.2.0.9297 (Windows). The flaw is in the handling of the name property of an XFA object and stems from not validating the existence of the object before performing operations, enabling remote code execution with current-process privileges after user visits a ma...
CVE-2018-17700
CVE-2018-17700 affects Foxit PhantomPDF 9.2.0.9297 (Windows). The root cause is a flaw in handling of Array.prototype.concat due to insufficient validation of user-supplied data, allowing a read past the end of an allocated object. This leads to remote code execution in the context of the current...
CVE-2019-6732
Foxit PhantomPDF (and Foxit Reader) is affected by CVE-2019-6732 due to improper validation in AFParseDateEx, causing an out-of-bounds read that can disclose sensitive information. The vulnerability requires user interaction (visiting a malicious page or opening a malicious file) and can be trigg...
CVE-2018-17664
CVE-2018-17664 affects Foxit Reader 9.2.0.9297 and earlier in Windows, due to a flaw in the isCompatibleNS handling of an XFA object. The issue arises from not validating the existence of an object before performing operations, enabling a remote attacker to execute arbitrary code in the context o...
CVE-2018-17682
Foxit Reader (Windows) 9.2.0.9297 and earlier is affected by CVE-2018-17682 due to a use-after-free/memory misreference in the handling of the delay property of Annotation objects. The flaw allows remote code execution in the context of the current process when a user opens a malicious file/page ...
CVE-2018-17694
CVE-2018-17694 affects Foxit PhantomPDF 9.2.0.9297 (and related Foxit PDF products in some feeds) with a display-property handling flaw in a button where the program does not verify an object’s existence before acting. This leads to remote code execution in the context of the current process, wit...
CVE-2018-17652
CVE-2018-17652 affects Foxit Reader 9.2.0.9297 (Windows). The flaw is in the XFA TimeField mandatory property handling, caused by not validating the existence of an object before performing operations, which enables a remote attacker to execute code in the context of the current process via a cra...
CVE-2018-17663
Foxit Reader 9.2.0.9297 is affected by CVE-2018-17663 due to a memory misreference in the Host.importData path. The flaw stems from not validating the existence of an object before performing operations on it, allowing remote code execution when a user visits a malicious page or opens a malicious...
CVE-2018-17683
Foxit Reader 9.2.0.9297 (and earlier per CNVD) is affected by a vulnerability in the createIcon handling of an app object. The flaw is a lack of validation for object existence before operations, leading to remote code execution. User interaction is required (visiting a malicious page or opening ...
CVE-2018-17689
CVE-2018-17689 affects Foxit PhantomPDF (and related Foxit viewer components) with a remote code execution flaw in the fillColor handling of a radio button. The root cause is lack of object existence validation before operations, enabling code execution in the current process after user interacti...
CVE-2018-17692
CVE-2018-17692 affects Foxit PhantomPDF (and Foxit Reader) for Windows, specifically the HTML-to-PDF conversion path. The root cause is an out-of-bounds write stemming from inadequate validation of user-supplied data during HTML-to-PDF conversion, allowing remote code execution. Affected versions...
CVE-2018-17698
CVE-2018-17698 affects Foxit PhantomPDF (Windows) with vulnerable 9.2.0.9297 and related builds. The flaw is in the handling of the richValue property of a text field, arising from not validating the existence of an object before performing operations. This use-after-free scenario enables remote ...
CVE-2019-6727
CVE-2019-6727 involves Foxit Reader (XFA remerge method) where a failure to validate the existence of an object before operating on it enables remote code execution after user visits a malicious page or opens a malicious file. The issue is characterized as a use-after-free/invalid object handling...
CVE-2019-6728
The CVE-2019-6728 issue affects Foxit Reader (PDF processing path) and is due to an out-of-bounds read caused by inadequate validation of user-supplied data, resulting in a read past the end of an allocated buffer. This vulnerability can disclose sensitive information and, in conjunction with oth...
CVE-2019-6730
CVE-2019-6730 affects Foxit Reader (and PhantomPDF in some records) via the popUpMenu method. The root cause is failure to validate the existence of an object before performing operations, leading to a use-after-free/memory misreference . This allows remote attackers to execute arbitrary code in ...
CVE-2018-17628
Foxit Reader (Windows) 9.2.0.9297 and earlier versions are affected by CVE-2018-17628. The flaw occurs in the XFA setInterval method due to not validating the existence of an object before performing operations, enabling remote code execution when a user opens a malicious file or visits a crafted...
CVE-2018-17647
CVE-2018-17647 affects Foxit Reader 9.2.0.9297 for Windows, where the boundItem method of a TimeField can be mishandled due to not validating the existence of an object, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file)....
CVE-2018-17696
Foxit Reader 9.2.0.9297 (and earlier) is affected by a dataObjects handling vulnerability that fails to validate object existence before operations, enabling remote code execution when a user opens a malicious file or visits a malicious page. The flaw allows code to run in the context of the curr...
CVE-2019-6731
Foxit PhantomPDF (and Foxit Reader/PhantomPDF family cited in related records) contains an HTML-to-PDF conversion flaw in which insufficient validation of user-supplied data can cause a read past the end of an allocated object, enabling remote code execution. The vulnerability requires user inter...