Filtered by vendor Foxitsoftware
Subscriptions
Filtered by product Phantompdf
Subscriptions
Total
549 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-21240 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-08-05 | 7.5 High |
An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. | ||||
CVE-2018-21244 | 1 Foxitsoftware | 1 Phantompdf | 2024-08-05 | 9.8 Critical |
An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029. | ||||
CVE-2018-21237 | 1 Foxitsoftware | 1 Phantompdf | 2024-08-05 | 5.3 Medium |
An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action. | ||||
CVE-2018-21242 | 1 Foxitsoftware | 1 Phantompdf | 2024-08-05 | 9.8 Critical |
An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Remote Code Execution via a GoToE or GoToR action. | ||||
CVE-2018-21241 | 1 Foxitsoftware | 1 Phantompdf | 2024-08-05 | 7.8 High |
An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an untrusted search path that allows a DLL to execute remote code. | ||||
CVE-2018-21243 | 1 Foxitsoftware | 1 Phantompdf | 2024-08-05 | 6.5 Medium |
An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM object mishandling when Microsoft Word is used. | ||||
CVE-2018-21239 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-08-05 | 5.3 Medium |
An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action. | ||||
CVE-2018-21238 | 1 Foxitsoftware | 1 Phantompdf | 2024-08-05 | 7.5 High |
An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. | ||||
CVE-2018-20313 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-08-05 | 8.1 High |
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | ||||
CVE-2018-20309 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-08-05 | 8.1 High |
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyGetAppEdition race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | ||||
CVE-2018-20311 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-08-05 | 8.1 High |
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCPDFAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | ||||
CVE-2018-20316 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-08-05 | 8.1 High |
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode. | ||||
CVE-2018-20315 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-08-05 | 8.1 High |
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | ||||
CVE-2018-20312 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-08-05 | 8.1 High |
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode. | ||||
CVE-2018-20310 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-08-05 | 8.1 High |
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | ||||
CVE-2018-20314 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-08-05 | 8.1 High |
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | ||||
CVE-2018-18688 | 11 Apple, Code-industry, Foxitsoftware and 8 more | 16 Macos, Master Pdf Editor, Foxit Reader and 13 more | 2024-08-05 | 5.3 Medium |
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader. | ||||
CVE-2018-17682 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-08-05 | N/A |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the delay property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7157. | ||||
CVE-2018-17694 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-08-05 | N/A |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the display property of a button. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7138. | ||||
CVE-2018-17676 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-08-05 | N/A |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeField property of a app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6849. |