Lucene search
+L

72 matches found

cve
cve
added 2020/02/13 10:20 p.m.139 views

CVE-2020-8847

Foxit Reader 9.7.0.29455 is affected by CVE-2020-8847 due to a JPEG2000 parsing flaw that allows out-of-bounds writes in a component handling JPEG2000 data. The issue enables remote code execution and requires user interaction (visiting a malicious page or opening a malicious file). The root caus...

7.8CVSS7.8AI score0.06078EPSS
cve
cve
added 2020/02/13 10:20 p.m.133 views

CVE-2020-8857

CVE-2020-8857 affects Foxit Reader 9.7.0.29455 (and related versions in some records) where the flaw resides in parsing of form Annotation objects within AcroForms. The root cause is failure to validate the existence of an object before performing operations on it, leading to remote code executio...

7.8CVSS7.8AI score0.06078EPSS
cve
cve
added 2020/02/13 10:20 p.m.128 views

CVE-2020-8849

Foxit Reader 9.7.0.29455 (and related versions) is affected by a JPEG2000 file parsing vulnerability that can lead to remote code execution. The flaw arises from improper validation of user-supplied data, causing a write past the end of an allocated structure in JPEG2000 processing. Exploitation ...

7.8CVSS7.8AI score0.05955EPSS
cve
cve
added 2020/02/13 10:20 p.m.124 views

CVE-2020-8845

Foxit PhantomPDF 9.6.0.25114 is affected by a remote code execution vulnerability in the AcroForms watermark handling. The flaw stems from not validating the existence of an object before performing operations on it, enabling an attacker to run code in the process context after user interaction (...

7.8CVSS7.8AI score0.19457EPSS
cve
cve
added 2020/02/13 10:20 p.m.124 views

CVE-2020-8851

Foxit Reader 9.7.0.29455 is affected by a JPEG2000 processing vulnerability that allows remote code execution via out-of-bounds write due to insufficient validation of data, requiring user interaction (visiting a malicious page or opening a malicious file). The issue (CVE-2020-8851) is documented...

7.8CVSS7.8AI score0.05955EPSS
cve
cve
added 2020/02/13 10:20 p.m.122 views

CVE-2020-8852

CVE-2020-8852 affects Foxit Reader 9.7.0.29455 (and related records) with an out-of-bounds read in JPEG2000 file processing that can disclose sensitive information. Root cause: insufficient validation of user-supplied data leading to a read past the end of an allocated buffer. Attack requires use...

4.3CVSS3.3AI score0.04176EPSS
cve
cve
added 2020/02/13 10:20 p.m.119 views

CVE-2020-8850

Foxit Reader is affected by a JPEG2000 parsing vulnerability (CVE-2020-8850) in versions around 9.7.0.29455 and earlier. The flaw stems from insufficient validation of user-supplied data during JPEG2000 processing, causing a write past the end of an allocated structure and enabling remote code ex...

7.8CVSS7.8AI score0.05955EPSS
cve
cve
added 2020/02/13 10:20 p.m.117 views

CVE-2020-8853

Foxit PhantomPDF 9.7.0.29478 is vulnerable to a HTML2PDF conversion out-of-bounds write that can allow remote code execution. The flaw arises from insufficient validation of user-supplied data during HTML-to-PDF conversion, enabling a write past the end of an allocated structure. Exploitation req...

7.8CVSS7.8AI score0.06004EPSS
cve
cve
added 2020/02/13 10:20 p.m.117 views

CVE-2020-8856

CVE-2020-8856 (Foxit PhantomPDF) affects Foxit PhantomPDF 9.6.0.25608 and possibly earlier builds, with a flaw in the handling of watermarks. The root cause is the failure to validate the existence of an object before performing operations on it, enabling an attacker to execute arbitrary code in ...

7.8CVSS7.8AI score0.19837EPSS
cve
cve
added 2020/02/13 10:20 p.m.116 views

CVE-2020-8844

Summary of CVE-2020-8844 (Foxit Reader) : The vulnerability affects Foxit Reader 9.6.0.25114, arising from improper validation in the JPEG parsing path used by ConvertToPDF. The flaw is an integer overflow caused by processing user-supplied data, which can lead to arbitrary code execution in the ...

7.8CVSS7.9AI score0.31467EPSS
cve
cve
added 2020/02/13 10:20 p.m.107 views

CVE-2020-8848

Foxit Reader 9.7.0.29455 is affected by a JPEG2000 parsing vulnerability: a lack of input validation leads to an out-of-bounds write in processing JPEG2000 data, allowing remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The iss...

7.8CVSS7.8AI score0.06078EPSS
cve
cve
added 2020/02/13 10:20 p.m.106 views

CVE-2020-8854

Foxit PhantomPDF is vulnerable to a JPEG-to-PDF conversion out-of-bounds write that can lead to remote code execution. Affected product: Foxit PhantomPDF 9.7.0.29478 (and earlier per CNVD), with the flaw caused by improper validation of user-supplied data during JPEG-to-PDF conversion, resulting ...

7.8CVSS7.8AI score0.06055EPSS
cve
cve
added 2020/01/16 9:55 p.m.103 views

CVE-2019-5131

Foxit PDF Reader (Foxit Reader) is affected by a use-after-free vulnerability in the JavaScript engine for version 9.7.0.29435 (and possibly earlier per advisories). A specially crafted PDF can trigger reuse of a previously freed object, enabling arbitrary code execution. Exploitation requires th...

8.8CVSS8.7AI score0.02422EPSS
cve
cve
added 2020/02/13 10:20 p.m.102 views

CVE-2020-8855

Foxit PhantomPDF 9.7.0.2947 (and earlier versions) is affected by a use-after-free in fxhtml2pdf.exe that hinges on failing to validate the existence of an object before operations, enabling remote code execution when a user visits a crafted page or opens a malicious file. The issue allows code e...

7.8CVSS7.8AI score0.06078EPSS
cve
cve
added 2020/01/16 9:59 p.m.101 views

CVE-2019-5126

CVE-2019-5126 affects Foxit PDF Reader (and related Foxit products) with an exploitable use-after-free in the JavaScript engine of Foxit Reader 9.7.0.29435. A specially crafted PDF can trigger a freed object reuse, enabling arbitrary code execution. Attack requires user action to open the malicio...

8.8CVSS8.7AI score0.03485EPSS
cve
cve
added 2020/02/13 10:20 p.m.101 views

CVE-2020-8846

CVE-2020-8846 affects Foxit PhantomPDF 9.6.0.25114 (and related) via a flaw in how text field objects are handled. The issue stems from not validating the existence of an object before performing operations, enabling an attacker to trigger remote code execution. Some records describe it as a use‑...

7.8CVSS7.8AI score0.19837EPSS
cve
cve
added 2020/01/16 10:0 p.m.100 views

CVE-2019-5130

CVE-2019-5130 is a use-after-free vulnerability in Foxit PDF Reader (JavaScript engine). Multiple connected sources (Talos: Foxit PDF Reader 9.7.0.29435; Red Hat/NVD: same code path) describe that a crafted PDF can trigger a freed object to be reused, enabling arbitrary code execution. The vulner...

8.8CVSS8.7AI score0.02312EPSS
cve
cve
added 2020/01/16 10:1 p.m.100 views

CVE-2019-5145

CVE-2019-5145 describes an exploitable use-after-free in the Foxit PDF Reader JavaScript engine (version 9.7.0.29435). The vulnerability occurs when a crafted PDF triggers reuse of a freed object, enabling arbitrary code execution. Impact is arbitrary code execution with high severity (per CVSS a...

8.8CVSS8.7AI score0.03107EPSS
cve
cve
added 2020/04/22 8:51 p.m.93 views

CVE-2020-10912

CVE-2020-10912 affects Foxit PhantomPDF (and Foxit Reader/PhantomPDF family) and is tied to the SetFieldValue command in Foxit’s communication API. The root cause is a lack of validation of user-supplied data, leading to a type confusion condition and enabling arbitrary code execution in the cont...

7.8CVSS7.9AI score0.04689EPSS
cve
cve
added 2020/04/22 8:51 p.m.87 views

CVE-2020-10907

CVE-2020-10907 affects Foxit Reader (9.7.1.29511) and PhantomPDF via XFA widget processing. The root cause is missing validation of an object’s existence before operations in XFA forms, enabling arbitrary code execution when a user opens a malicious file/page or visits a crafted page. The issue i...

7.8CVSS7.8AI score0.04787EPSS
cve
cve
added 2020/04/22 8:51 p.m.86 views

CVE-2020-10902

Foxit PhantomPDF 9.7.1.29511 is affected by a U3D object handling flaw that can cause a read past the end of an allocated structure, enabling remote code execution after user interaction. The issue (CVE-2020-10902) arises in the 3D/U3D processing path and is exploitable when a malicious file or p...

7.8CVSS7.8AI score0.04826EPSS
cve
cve
added 2020/08/19 8:55 p.m.86 views

CVE-2020-15638

The CVE-2020-15638 entry affects Foxit PhantomPDF (version 9.7.2.29539) where the flaw in NodeProperties::InferReceiverMapsUnsafe arises from insufficient validation of user-supplied data, causing a type confusion condition. This can allow remote code execution in the context of the current proce...

7.8CVSS7.9AI score0.06111EPSS
cve
cve
added 2020/04/22 8:51 p.m.84 views

CVE-2020-10909

Foxit PhantomPDF (and related Foxit PDF products) is affected by CVE-2020-10909 due to a type-confusion in the AddWatermark handling of the communication API. The root cause is improper validation of user-supplied data, enabling remote code execution on the current process after user interaction ...

7.8CVSS7.9AI score0.04689EPSS
cve
cve
added 2020/04/22 8:51 p.m.82 views

CVE-2020-10908

CVE-2020-10908 affects Foxit PhantomPDF 9.7.0.29478. The issue is a type confusion in the Export command handling within the communication API, arising from insufficient validation of user-supplied data. It enables remote code execution in the context of the current process and requires user inte...

7.8CVSS7.9AI score0.04689EPSS
cve
cve
added 2020/04/22 8:51 p.m.81 views

CVE-2020-10901

CVE-2020-10901 affects Foxit PhantomPDF 9.7.1.29511. The vulnerability lies in U3D object handling in PDF files and results from insufficient validation of user-supplied data, causing a read past the end of an allocated object. It enables remote information disclosure and, when combined with othe...

4.3CVSS3.3AI score0.03476EPSS
cve
cve
added 2020/04/22 8:50 p.m.79 views

CVE-2020-10891

Foxit PhantomPDF 9.7.0.29478 is affected by a type confusion vulnerability in the Save command handling of the communication API. The flaw arises from improper validation of user-supplied data, enabling remote code execution when a user visits a malicious page or opens a malicious file (requires ...

7.8CVSS7.9AI score0.04728EPSS
cve
cve
added 2020/04/22 8:51 p.m.79 views

CVE-2020-10900

Foxit Reader/PhantomPDF 9.7.1.29511 on Windows is vulnerable to remote code execution via AcroForms processing. The root cause is a failure to validate an object’s existence before performing operations, effectively a use-after-free style flaw exposed when a user opens a malicious file or visits ...

7.8CVSS7.8AI score0.04787EPSS
cve
cve
added 2020/04/22 8:51 p.m.79 views

CVE-2020-10904

CVE-2020-10904 affects Foxit PhantomPDF (and Foxit Reader components) with a flaw in U3D object handling in PDF files, allowing remote code execution via write past the end of an allocated object. The vulnerability requires user interaction (visiting a malicious page or opening a malicious file) ...

7.8CVSS7.8AI score0.04826EPSS
cve
cve
added 2020/04/22 8:50 p.m.78 views

CVE-2020-10893

The CVE-2020-10893 issue affects Foxit PhantomPDF (and related components) where the U3D object handling in PDFs allows a write past the end of an allocated structure due to inadequate validation, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or...

7.8CVSS7.8AI score0.04728EPSS
cve
cve
added 2020/04/22 8:51 p.m.78 views

CVE-2020-10906

CVE-2020-10906 affects Foxit Reader/PhantomPDF (Windows) prior to 9.7.2. The flaw is in resetForm and stems from not validating the existence of an object before performing operations, enabling use-after-free that can lead to remote code execution. Exploitation requires user interaction (open a m...

7.8CVSS7.8AI score0.04787EPSS
cve
cve
added 2020/08/19 8:55 p.m.77 views

CVE-2020-15637

The CVE-2020-15637 entry concerns Foxit PhantomPDF (and related Foxit products) with a use-after-free flaw in SetLocalDescription that can disclose sensitive information. Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and is described as a local/vec...

4.3CVSS3.8AI score0.04074EPSS
cve
cve
added 2020/04/22 8:50 p.m.75 views

CVE-2020-10890

Foxit PhantomPDF 9.7.0.29478 is affected by CVE-2020-10890 due to a flaw in the communication API’s ConvertToPDF command that allows an attacker-controlled data write to arbitrary files, enabling remote code execution in the context of the current process. Exploitation requires user interaction (...

8.8CVSS8.8AI score0.0217EPSS
cve
cve
added 2020/04/22 8:50 p.m.75 views

CVE-2020-10895

CVE-2020-10895 affects Foxit PhantomPDF 9.7.1.29511 and its 3D/U3D handling in PDFs. The flaw stems from inadequate validation of user-supplied data, causing a read past the end of an allocated structure and enabling remote code execution in the context of the current process. User interaction is...

7.8CVSS7.8AI score0.04826EPSS
cve
cve
added 2020/04/22 8:50 p.m.75 views

CVE-2020-10898

CVE-2020-10898 affects Foxit PhantomPDF (and Foxit Reader/3D Plugin U3DBrowser) 9.7.1.29511, due to improper validation in handling of U3D objects in PDF files. The flaw can lead to a read past the end of an allocated structure, enabling remote code execution in the context of the current process...

7.8CVSS7.8AI score0.04826EPSS
cve
cve
added 2020/04/22 8:51 p.m.74 views

CVE-2020-10903

CVE-2020-10903 affects Foxit PhantomPDF 9.7.1.29511, where U3D objects in PDFs are not properly validated, causing an out-of-bounds read that can disclose sensitive data. The issue requires user interaction (visiting a malicious page or opening a malicious file) and, in combination with other vul...

4.3CVSS3.3AI score0.03405EPSS
cve
cve
added 2020/04/22 8:51 p.m.74 views

CVE-2020-10910

CVE-2020-10910 affects Foxit PhantomPDF/Reader (notably PhantomPDF 9.7.0.29478; CNVD/ZDI notes 9.7.1.29511 and earlier) where the RotatePage command handling in the communication API is vulnerable to a type confusion caused by insufficient validation of user-supplied data. This allows remote code...

7.8CVSS7.9AI score0.04787EPSS
cve
cve
added 2020/06/04 4:52 p.m.73 views

CVE-2019-20830

Foxit Reader and Foxit PhantomPDF versions before 9.6 contain an out-of-bounds write when Internet Explorer is used (CVE-2019-20830). Connected sources confirm the affected products and the root cause, but do not provide explicit exploitation details, vectors, or remediation steps. No additional ...

9.8CVSS9.5AI score0.01717EPSS
cve
cve
added 2020/04/22 8:50 p.m.70 views

CVE-2020-10894

The CVE-2020-10894 issue affects Foxit PhantomPDF 9.7.1.29511 (U3D object handling) and is caused by insufficient validation of user-supplied data, leading to a read past the end of an allocated object (out-of-bounds read). This enables remote information disclosure with user interaction required...

4.3CVSS3.3AI score0.03311EPSS
cve
cve
added 2020/04/22 8:51 p.m.70 views

CVE-2020-10911

CVE-2020-10911 affects Foxit PhantomPDF (and Foxit Reader/PhantomPDF family in some sources) with a type-confusion flaw in the GetFieldValue handling of the communication API that enables remote code execution. Exploitation requires user interaction (e.g., opening a malicious file/page). The vuln...

7.8CVSS7.9AI score0.04689EPSS
cve
cve
added 2020/04/22 8:50 p.m.69 views

CVE-2020-10892

CVE-2020-10892 affects Foxit PhantomPDF (and Foxit Reader/PhantomPDF family) with a vulnerability in the API communication handling of the CombineFiles command. The flaw allows an attacker to write an arbitrary file with data under attacker control, enabling remote code execution in the context o...

8.8CVSS8.8AI score0.0217EPSS
cve
cve
added 2020/04/22 8:50 p.m.68 views

CVE-2020-10889

Foxit PhantomPDF 9.7.0.29478 is affected by CVE-2020-10889. The issue lies in the DuplicatePages command handling within the communication API, caused by improper validation of user-supplied data leading to a type confusion. This allows remote code execution in the context of the current process ...

7.8CVSS7.9AI score0.04689EPSS
cve
cve
added 2020/09/04 3:31 a.m.68 views

CVE-2020-11493

CVE-2020-11493 affects Foxit Reader and PhantomPDF prior to 10.0.1 and 9.7.3 respectively. The issue stems from a direct transformation from a PDF Object to a Stream without adequately handling a crafted XObject, allowing an uninitialized object to leak sensitive information. The result is an inf...

8.1CVSS7.6AI score0.00932EPSS
cve
cve
added 2020/04/22 8:50 p.m.67 views

CVE-2020-10897

CVE-2020-10897 affects Foxit PhantomPDF 9.7.1.29511. The flaw is in PDF U3D object handling where inadequate validation allows a write past the end of an allocated object, enabling code execution in the current process. User interaction is required (malicious page or file). Root cause and impact ...

7.8CVSS7.8AI score0.04826EPSS
cve
cve
added 2020/06/04 4:30 p.m.64 views

CVE-2018-21240

CVE-2018-21240 affects Foxit Reader and PhantomPDF prior to version 9.2. The issue is a memory consumption flaw triggered by an ArrayBuffer(0xfffffffe) call in these products. Root cause is a memory handling vulnerability leading to resource exhaustion. Impact is partial availability degradation ...

7.5CVSS7.5AI score0.01044EPSS
cve
cve
added 2020/04/22 8:50 p.m.64 views

CVE-2020-10896

CVE-2020-10896 affects Foxit PhantomPDF (including the 3D U3DBrowser plugin) and specifically targets the processing of U3D objects in PDF files. The issue is a heap-based buffer overflow caused by insufficient validation of the length of user-supplied data, allowing arbitrary code execution in t...

7.8CVSS7.8AI score0.04689EPSS
cve
cve
added 2020/04/22 8:50 p.m.64 views

CVE-2020-10899

CVE-2020-10899 affects Foxit Reader/PhantomPDF up to version 9.7.1.29511. The flaw resides in XFA template processing where the code fails to validate an object’s existence before operations, enabling remote code execution when a user opens a malicious file/page. Exploitation requires user intera...

7.8CVSS7.8AI score0.04689EPSS
cve
cve
added 2020/04/22 8:51 p.m.63 views

CVE-2020-10905

CVE-2020-10905 affects Foxit PhantomPDF 9.7.1.29511. The issue is an out-of-bounds read in U3D vertex handling due to insufficient validation, requiring user interaction (malicious page/file) and potentially enabling code execution when combined with other vulnerabilities. Multiple sources (ZDI-2...

4.3CVSS3.3AI score0.03405EPSS
cve
cve
added 2020/06/04 4:43 p.m.61 views

CVE-2019-20837

CVE-2019-20837 affects Foxit Reader and PhantomPDF, prior to version 9.5. The issue allows signature validation bypass when a file is modified or uses non-standard signatures, enabling bypass of digital signature checks. The provided documents do not specify an exploit method or in-the-wild activ...

7.5CVSS7.5AI score0.01004EPSS
cve
cve
added 2020/06/04 4:31 p.m.60 views

CVE-2018-21239

CVE-2018-21239 affects Foxit Reader and PhantomPDF before 9.2. The issue enables NTLM credential theft via a GoToE or GoToR action in PDFs. Root cause is information leakage via GoTo actions, leading to partial confidentiality impact per CVSS (2.0: 5.0, 3.1: 5.3). Affected products are Foxit Read...

5.3CVSS5.2AI score0.00817EPSS
cve
cve
added 2020/09/04 3:32 a.m.60 views

CVE-2020-12248

CVE-2020-12248 affects Foxit Reader and Foxit PhantomPDF: heap-based buffer overflow caused by mishandling dirty image-resource data, allowing arbitrary code execution. Affected: Foxit Reader and PhantomPDF versions before 10.0.1, and PhantomPDF before 9.7.3. Impact per sources: potential remote ...

8.8CVSS9AI score0.01799EPSS
Total number of security vulnerabilities72