Filtered by vendor Foxitsoftware
Subscriptions
Filtered by product Reader
Subscriptions
Total
259 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-3967 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-09-16 | 7.8 High |
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | ||||
CVE-2018-3962 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-09-16 | 7.3 High |
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the CreationDate property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | ||||
CVE-2018-3966 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-09-16 | 7.8 High |
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | ||||
CVE-2018-3997 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-09-16 | 8.8 High |
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | ||||
CVE-2018-3959 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-09-16 | 7.8 High |
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Author property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | ||||
CVE-2018-3940 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-09-16 | 8.8 High |
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused. An attacker needs to trick the user to open the malicious file to trigger. | ||||
CVE-2018-3945 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-09-16 | 8.8 High |
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. | ||||
CVE-2018-3995 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-09-16 | 8.8 High |
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | ||||
CVE-2018-3941 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-09-16 | 8.8 High |
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. | ||||
CVE-2009-0836 | 1 Foxitsoftware | 1 Reader | 2024-08-07 | N/A |
Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote attackers to execute arbitrary programs and have unspecified other impact via a crafted file, as demonstrated by the "Open/Execute a file" action. | ||||
CVE-2016-8878 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-08-06 | N/A |
Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka "Data from Faulting Address may be used as a return value starting at FOXITREADER." | ||||
CVE-2016-8876 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-08-06 | N/A |
Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image embedded in the XFA stream in a PDF document, aka "Read Access Violation starting at FoxitReader." | ||||
CVE-2016-8875 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-08-06 | N/A |
The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image, aka "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ConvertToPDF_x86!CreateFXPDFConvertor." | ||||
CVE-2016-8877 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-08-06 | N/A |
Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted JPEG2000 image embedded in a PDF document, aka a "corrupted suffix pattern" issue. | ||||
CVE-2016-8879 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-08-06 | N/A |
The thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted JPEG2000 image embedded in a PDF document, aka an "Exploitable - Heap Corruption" issue. | ||||
CVE-2016-8856 | 1 Foxitsoftware | 1 Reader | 2024-08-06 | N/A |
Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default, allowing an attacker to overwrite them with backdoor code, which when executed by privileged user would result in Privilege Escalation, Code Execution, or both. | ||||
CVE-2016-8334 | 1 Foxitsoftware | 1 Reader | 2024-08-06 | N/A |
A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR. | ||||
CVE-2018-21236 | 1 Foxitsoftware | 1 Reader | 2024-08-05 | 7.5 High |
An issue was discovered in Foxit Reader before 2.4.4. It has a NULL pointer dereference. | ||||
CVE-2018-21240 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-08-05 | 7.5 High |
An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. | ||||
CVE-2018-21239 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-08-05 | 5.3 Medium |
An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action. |