Lucene search
+L

109 matches found

CVE
CVE
added 2019/10/04 8:0 p.m.201 views

CVE-2019-17183

CVE-2019-17183 affects Foxit Reader prior to 9.7, enabling an access violation and crash when the system has insufficient memory. Public sources in the connected set confirm affected product/version and the crash behavior; remediation is to update to Foxit Reader 9.7 or newer. The connected docum...

7.5CVSS8.1AI score0.01359EPSS
CVE
CVE
added 2019/10/04 5:37 p.m.187 views

CVE-2019-13320

Foxit Reader 9.5.0.20723 is affected by a vulnerability in AcroForms where the code fails to verify object existence before operations, enabling remote code execution via malicious page/file with user interaction. Multiple connected sources (ZDI-19-637, CNVD-2019-22460, RH-CVE-2019-13320, NVD/NVD...

7.8CVSS7.8AI score0.04089EPSS
CVE
CVE
added 2019/10/04 5:37 p.m.185 views

CVE-2019-13319

Foxit Reader 9.5.0.20723 (and earlier) is affected by CVE-2019-13319 due to an XFA form processing flaw where the code fails to validate object existence before operations, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious fil...

7.8CVSS7.8AI score0.04089EPSS
CVE
CVE
added 2019/10/04 5:37 p.m.181 views

CVE-2019-13318

CVE-2019-13318 affects Foxit Reader 9.5.0.20723. The issue stems from the processing of the util.printf JavaScript method: the application mishandles the %p format parameter, allowing disclosure of heap addresses to the script. This information disclosure can be leveraged in conjunction with othe...

5.5CVSS5.5AI score0.05834EPSS
CVE
CVE
added 2019/10/04 5:35 p.m.175 views

CVE-2019-13316

Foxit PhantomPDF 9.5.0.20723 is affected by CVE-2019-13316. The flaw lies in the handling of Calculate actions where the code fails to validate the existence of an object before performing operations, enabling remote code execution in the context of the current process. Exploitation requires user...

7.8CVSS7.8AI score0.07711EPSS
CVE
CVE
added 2019/10/04 5:37 p.m.174 views

CVE-2019-6776

Foxit PhantomPDF 9.5.0.20723 and earlier are affected by a removeField/AcroForms watermark handling flaw. The vulnerability stems from not validating the existence of an object before performing operations, enabling remote code execution when a user opens a malicious page or file. Multiple connec...

7.8CVSS7.6AI score0.03935EPSS
CVE
CVE
added 2019/10/04 5:37 p.m.172 views

CVE-2019-13317

The CVE-2019-13317 entry concerns Foxit PhantomPDF. Affects PhantomPDF 9.5.0.20723 and earlier, with the root cause in the Calculate actions handling: the code performs operations on an object without first validating its existence. This leads to remote code execution in the context of the curren...

7.8CVSS7.8AI score0.07711EPSS
CVE
CVE
added 2019/10/04 5:37 p.m.167 views

CVE-2019-13315

Foxit Reader (9.5.0.20723) is affected by CVE-2019-13315 due to a flaw in removeField where code executes without validating the target object’s existence. This leads to remote arbitrary code execution when a user opens a malicious file or visits a crafted page, with user interaction required. Th...

7.8CVSS7.8AI score0.07711EPSS
CVE
CVE
added 2019/10/04 5:37 p.m.166 views

CVE-2019-6774

CVE-2019-6774 affects Foxit Reader 9.4.1.16828. The flaw is in deleteItemAt when processing AcroForms, caused by not validating the existence of an object before performing operations. This can allow remote code execution in the context of the current process with user interaction required (visit...

7.8CVSS7.8AI score0.0421EPSS
CVE
CVE
added 2019/10/04 5:37 p.m.166 views

CVE-2019-6775

Foxit Reader (9.5.0.20723) is affected by CVE-2019-6775. The vulnerability resides in the AcroForm exportValues path, caused by failing to verify the existence of an object before performing operations on it, enabling remote code execution in the current process. Exploitation requires user intera...

7.8CVSS7.8AI score0.0421EPSS
CVE
CVE
added 2019/10/03 9:33 p.m.145 views

CVE-2019-13331

CVE-2019-13331 affects Foxit Reader 9.5.0.20723. The flaw lies in JPG file parsing due to insufficient validation, allowing remote code execution with user interaction (target must visit a malicious page or open a malicious file). The issue is described across multiple sources (NVD/Red Hat PRION/...

7.8CVSS8.1AI score0.05506EPSS
CVE
CVE
added 2019/10/03 9:33 p.m.140 views

CVE-2019-13332

Foxit Reader 9.6.0.25114 is affected by a vulnerability in XFA form template processing. The issue arises from not validating the existence of an object before performing operations on it, leading to a use-after-free condition that can enable remote code execution. Exploitation requires user inte...

7.8CVSS8.1AI score0.03852EPSS
CVE
CVE
added 2019/10/03 9:33 p.m.138 views

CVE-2019-13326

CVE-2019-13326 affects Foxit Reader 9.5.0.20723. The vulnerability stems from processing AcroForm fields without validating object existence, enabling remote code execution when a user opens a malicious file or page. Exploitation requires user interaction. A fix is available via updating Foxit Re...

7.8CVSS8.1AI score0.03852EPSS
CVE
CVE
added 2019/10/03 9:33 p.m.138 views

CVE-2019-13328

CVE-2019-13328 is a Foxit Reader vulnerability affecting the AcroForm handling. The flaw is caused by not validating the existence of an object before performing operations on it within Acroform fields, enabling remote code execution when a user visits a malicious page or opens a crafted file. Af...

7.8CVSS8.1AI score0.03852EPSS
CVE
CVE
added 2019/10/03 9:33 p.m.134 views

CVE-2019-13329

Foxit Reader is affected by CVE-2019-13329. The vulnerability arises in the processing of TIF files due to incomplete validation of user-supplied data, causing a type confusion condition. It can allow remote attackers to execute arbitrary code in the context of the current process, with user inte...

7.8CVSS8.1AI score0.03852EPSS
CVE
CVE
added 2019/10/03 9:33 p.m.126 views

CVE-2019-13327

CVE-2019-13327 affects Foxit Reader 9.5.0.20723. The issue is a use-after-free-like flaw in AcroForm field processing, arising from failing to validate the existence of an object before operations, enabling arbitrary code execution in the current process when a user opens a malicious file/page. E...

7.8CVSS8.1AI score0.03852EPSS
CVE
CVE
added 2019/10/03 9:33 p.m.121 views

CVE-2019-13330

Foxit Reader CVE-2019-13330 affects Foxit Reader 9.5.0.20723. The flaw is in JPG file processing, caused by a lack of validation that leads to a type confusion and remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). Connected advi...

7.8CVSS8.1AI score0.05506EPSS
CVE
CVE
added 2019/10/02 3:55 p.m.99 views

CVE-2019-5031

CVE-2019-5031 affects Foxit PDF Reader, version 9.4.1.16828. The vulnerability is a memory corruption in the V8/JavaScript engine that can be triggered by a specially crafted PDF, causing an out-of-memory condition and arbitrary code execution. Exploitation requires the user to open the malicious...

8.8CVSS8.8AI score0.0604EPSS
CVE
CVE
added 2019/01/30 10:0 p.m.76 views

CVE-2018-3956

CVE-2018-3956 is an out-of-bounds read/write vulnerability in Foxit Software’s PDF Reader/PhantomPDF related to handling of XFA element attributes. Affected products include Foxit Reader and Foxit PhantomPDF prior to version 9.4, with a specific reference to Foxit PDF Reader 9.1.0.5096. The vulne...

7.1CVSS6.7AI score0.49566EPSS
CVE
CVE
added 2019/03/19 7:56 p.m.73 views

CVE-2019-6734

This CVE (CVE-2019-6734) concerns Foxit PhantomPDF/Reader components vulnerable via the JavaScript setInterval handling, leading to a use-after-free condition that can disclose memory content. Affected products are Foxit PhantomPDF (and Foxit Reader per CNVD/PRION references) with unspecified exa...

6.5CVSS6.2AI score0.04203EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.65 views

CVE-2018-17691

CVE-2018-17691 affects Foxit PhantomPDF (9.2.0.9297 and likely earlier); the issue arises in the HTML-to-PDF conversion when the software fails to validate an object’s existence before performing operations. This use-after-free style flaw enables remote code execution with the attacker hosting a ...

8.8CVSS8.8AI score0.03855EPSS
CVE
CVE
added 2019/03/19 7:56 p.m.65 views

CVE-2019-6733

CVE-2019-6733 affects Foxit PhantomPDF (PDF handling). The issue is an out-of-bounds read from improper validation of user-supplied data in PDF processing, which can disclose sensitive information. It is exploitable via remote interaction when a user opens a malicious page/file, and an attacker m...

6.5CVSS6.2AI score0.0429EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.64 views

CVE-2018-17662

CVE-2018-17662 affects Foxit Reader 9.2.0.9297 on Windows. The flaw is a perform-operation-on-an-object-after-not-validating-its-existence in the Host.beep method, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The i...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.63 views

CVE-2018-17658

CVE-2018-17658 affects Foxit Reader 9.2.0.9297 and earlier, where the vulnerability stems from improper handling of the host object’s respose property and a lack of validating object existence before operations. This allows remote code execution in the context of the current process and requires ...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.62 views

CVE-2018-17701

CVE-2018-17701 affects Foxit PhantomPDF (9.2.0.9297 and earlier per CNVD) on Windows. The flaw is an out-of-bounds/read past end in the JSON handling due to insufficient input validation, enabling arbitrary code execution in the context of the target process. Exploitation requires user interactio...

8.8CVSS8.8AI score0.03855EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.61 views

CVE-2018-17629

Foxit Reader 9.1.0.5096 is affected by a template-objects handling vulnerability that allows remote code execution. The root cause is failure to validate the existence of an object before performing operations on it, enabling an attacker to run code in the current process. Exploitation requires u...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.61 views

CVE-2018-17642

Foxit Reader (v9.2.0.9297 and earlier) is affected by a TimeField colSpan handling flaw that can allow remote code execution. The issue stems from not validating the existence of an object before performing operations, enabling an attacker to run code in the context of the current process. Exploi...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.61 views

CVE-2018-17675

CVE-2018-17675 concerns Foxit Reader. The vulnerability exists in the handling of the removeDataObject method of a document and stems from not validating the existence of an object before performing operations. It enables remote code execution in the context of the current process on vulnerable F...

8.8CVSS7.8AI score0.03314EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.61 views

CVE-2018-17688

CVE-2018-17688 affects Foxit PhantomPDF/Reader on Windows; a memory misreference in the ComboBox setItems handling leads to a use-after-free condition, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). Targets include P...

8.8CVSS8.8AI score0.03855EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.60 views

CVE-2018-17703

Foxit Reader (Windows) is affected, including version 9.2.0.9297 and earlier, with vulnerabilities tied to the handling of the defaultValue property of ComboBox objects. The underlying flaw is a failure to validate the existence of an object before performing operations, resulting in a use-after-...

8.8CVSS7.8AI score0.03855EPSS
CVE
CVE
added 2019/03/19 7:56 p.m.60 views

CVE-2019-6729

CVE-2019-6729 is a remote-code-execution vulnerability in Foxit Reader and Foxit PhantomPDF for Windows caused by an out-of-bounds read during PDF processing due to improper validation of input data (read past end of allocated buffer). It requires user interaction (malicious page or file). Affect...

8.8CVSS8.8AI score0.03719EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.59 views

CVE-2018-17669

CVE-2018-17669 affects Foxit Reader 9.2.0.9297 (Windows). The flaw is in the handling of the name property of an XFA object and stems from not validating the existence of the object before performing operations, enabling remote code execution with current-process privileges after user visits a ma...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.59 views

CVE-2018-17700

CVE-2018-17700 affects Foxit PhantomPDF 9.2.0.9297 (Windows). The root cause is a flaw in handling of Array.prototype.concat due to insufficient validation of user-supplied data, allowing a read past the end of an allocated object. This leads to remote code execution in the context of the current...

8.8CVSS8.8AI score0.03855EPSS
CVE
CVE
added 2019/03/19 7:56 p.m.59 views

CVE-2019-6732

Foxit PhantomPDF (and Foxit Reader) is affected by CVE-2019-6732 due to improper validation in AFParseDateEx, causing an out-of-bounds read that can disclose sensitive information. The vulnerability requires user interaction (visiting a malicious page or opening a malicious file) and can be trigg...

6.5CVSS6.2AI score0.04088EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.58 views

CVE-2018-17664

CVE-2018-17664 affects Foxit Reader 9.2.0.9297 and earlier in Windows, due to a flaw in the isCompatibleNS handling of an XFA object. The issue arises from not validating the existence of an object before performing operations, enabling a remote attacker to execute arbitrary code in the context o...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.58 views

CVE-2018-17682

Foxit Reader (Windows) 9.2.0.9297 and earlier is affected by CVE-2018-17682 due to a use-after-free/memory misreference in the handling of the delay property of Annotation objects. The flaw allows remote code execution in the context of the current process when a user opens a malicious file/page ...

8.8CVSS7.8AI score0.03855EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.58 views

CVE-2018-17694

CVE-2018-17694 affects Foxit PhantomPDF 9.2.0.9297 (and related Foxit PDF products in some feeds) with a display-property handling flaw in a button where the program does not verify an object’s existence before acting. This leads to remote code execution in the context of the current process, wit...

8.8CVSS8.8AI score0.03855EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.57 views

CVE-2018-17652

CVE-2018-17652 affects Foxit Reader 9.2.0.9297 (Windows). The flaw is in the XFA TimeField mandatory property handling, caused by not validating the existence of an object before performing operations, which enables a remote attacker to execute code in the context of the current process via a cra...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.57 views

CVE-2018-17663

Foxit Reader 9.2.0.9297 is affected by CVE-2018-17663 due to a memory misreference in the Host.importData path. The flaw stems from not validating the existence of an object before performing operations on it, allowing remote code execution when a user visits a malicious page or opens a malicious...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.57 views

CVE-2018-17683

Foxit Reader 9.2.0.9297 (and earlier per CNVD) is affected by a vulnerability in the createIcon handling of an app object. The flaw is a lack of validation for object existence before operations, leading to remote code execution. User interaction is required (visiting a malicious page or opening ...

8.8CVSS7.8AI score0.03855EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.57 views

CVE-2018-17689

CVE-2018-17689 affects Foxit PhantomPDF (and related Foxit viewer components) with a remote code execution flaw in the fillColor handling of a radio button. The root cause is lack of object existence validation before operations, enabling code execution in the current process after user interacti...

8.8CVSS8.8AI score0.03855EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.57 views

CVE-2018-17692

CVE-2018-17692 affects Foxit PhantomPDF (and Foxit Reader) for Windows, specifically the HTML-to-PDF conversion path. The root cause is an out-of-bounds write stemming from inadequate validation of user-supplied data during HTML-to-PDF conversion, allowing remote code execution. Affected versions...

8.8CVSS8.8AI score0.03855EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.57 views

CVE-2018-17698

CVE-2018-17698 affects Foxit PhantomPDF (Windows) with vulnerable 9.2.0.9297 and related builds. The flaw is in the handling of the richValue property of a text field, arising from not validating the existence of an object before performing operations. This use-after-free scenario enables remote ...

8.8CVSS8.8AI score0.03855EPSS
CVE
CVE
added 2019/03/19 7:56 p.m.57 views

CVE-2019-6727

CVE-2019-6727 involves Foxit Reader (XFA remerge method) where a failure to validate the existence of an object before operating on it enables remote code execution after user visits a malicious page or opens a malicious file. The issue is characterized as a use-after-free/invalid object handling...

8.8CVSS8.8AI score0.0415EPSS
CVE
CVE
added 2019/03/19 7:56 p.m.57 views

CVE-2019-6728

The CVE-2019-6728 issue affects Foxit Reader (PDF processing path) and is due to an out-of-bounds read caused by inadequate validation of user-supplied data, resulting in a read past the end of an allocated buffer. This vulnerability can disclose sensitive information and, in conjunction with oth...

6.5CVSS6.4AI score0.04647EPSS
CVE
CVE
added 2019/03/19 7:56 p.m.57 views

CVE-2019-6730

CVE-2019-6730 affects Foxit Reader (and PhantomPDF in some records) via the popUpMenu method. The root cause is failure to validate the existence of an object before performing operations, leading to a use-after-free/memory misreference . This allows remote attackers to execute arbitrary code in ...

8.8CVSS8.8AI score0.0415EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.56 views

CVE-2018-17628

Foxit Reader (Windows) 9.2.0.9297 and earlier versions are affected by CVE-2018-17628. The flaw occurs in the XFA setInterval method due to not validating the existence of an object before performing operations, enabling remote code execution when a user opens a malicious file or visits a crafted...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.56 views

CVE-2018-17647

CVE-2018-17647 affects Foxit Reader 9.2.0.9297 for Windows, where the boundItem method of a TimeField can be mishandled due to not validating the existence of an object, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file)....

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.56 views

CVE-2018-17696

Foxit Reader 9.2.0.9297 (and earlier) is affected by a dataObjects handling vulnerability that fails to validate object existence before operations, enabling remote code execution when a user opens a malicious file or visits a malicious page. The flaw allows code to run in the context of the curr...

8.8CVSS7.8AI score0.03855EPSS
CVE
CVE
added 2019/03/19 7:56 p.m.56 views

CVE-2019-6731

Foxit PhantomPDF (and Foxit Reader/PhantomPDF family cited in related records) contains an HTML-to-PDF conversion flaw in which insufficient validation of user-supplied data can cause a read past the end of an allocated object, enabling remote code execution. The vulnerability requires user inter...

8.8CVSS8.7AI score0.03719EPSS
Total number of security vulnerabilities109