Filtered by vendor Foxitsoftware
Total: 791 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-5677 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2018-06-08 | 6.8 MEDIUM | 8.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process, a different vulnerability than CVE-2018-5679 and CVE-2018-5680. | |||||
CVE-2018-5676 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2018-06-08 | 6.8 MEDIUM | 8.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5674 and CVE-2018-5678. | |||||
CVE-2018-5674 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2018-06-08 | 6.8 MEDIUM | 8.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5676 and CVE-2018-5678. | |||||
CVE-2017-17557 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2018-06-05 | 6.8 MEDIUM | 8.8 HIGH |
In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to execute code in the context of the current process. | |||||
CVE-2018-10303 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2018-05-25 | 6.8 MEDIUM | 8.8 HIGH |
A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3. | |||||
CVE-2018-10302 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2018-05-25 | 6.8 MEDIUM | 7.8 HIGH |
A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-jyb51g3mv9. | |||||
CVE-2017-16813 | 1 Foxitsoftware | 1 Mobilepdf | 2018-03-16 | 2.9 LOW | 5.5 MEDIUM |
A denial-of-service issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. This occurs when a user uploads a file that includes a hexadecimal Unicode character in the "filename" parameter via Wi-Fi, since the app could fail to parse this. | |||||
CVE-2017-16814 | 1 Foxitsoftware | 1 Mobilepdf | 2018-03-16 | 3.3 LOW | 5.5 MEDIUM |
A Directory Traversal issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. This occurs by abusing the URL + escape character during a Wi-Fi transfer, which could be exploited by attackers to bypass intended restrictions on local application files. | |||||
CVE-2016-6169 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2018-02-24 | 6.8 MEDIUM | 7.8 HIGH |
Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (memory corruption and application crash) or potentially execute arbitrary code via the Bezier data in a crafted PDF file. | |||||
CVE-2016-6168 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2018-02-24 | 6.8 MEDIUM | 7.8 HIGH |
Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a crafted PDF file. | |||||
CVE-2017-14694 | 1 Foxitsoftware | 1 Foxit Reader | 2018-01-04 | 4.6 MEDIUM | 7.8 HIGH |
Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f.". | |||||
CVE-2017-10994 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2017-08-23 | 9.3 HIGH | 7.3 HIGH |
Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document. | |||||
CVE-2011-1908 | 1 Foxitsoftware | 1 Foxit Reader | 2017-08-16 | 9.3 HIGH | N/A |
Integer overflow in the Type 1 font decoder in the FreeType engine in Foxit Reader before 4.0.0.0619 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font in a PDF document. | |||||
CVE-2016-8856 | 1 Foxitsoftware | 1 Reader | 2017-07-28 | 4.6 MEDIUM | 7.8 HIGH |
Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default, allowing an attacker to overwrite them with backdoor code, which when executed by privileged user would result in Privilege Escalation, Code Execution, or both. | |||||
CVE-2017-8059 | 1 Foxitsoftware | 1 Foxit Pdf | 2017-05-17 | 4.3 MEDIUM | 8.1 HIGH |
Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information (username/password), in addition to the static authentication token if the user is already logged in. | |||||
CVE-2017-8455 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2017-05-12 | 6.8 MEDIUM | 7.8 HIGH |
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. | |||||
CVE-2017-8453 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2017-05-12 | 6.8 MEDIUM | 8.8 HIGH |
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. | |||||
CVE-2017-8454 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2017-05-12 | 6.8 MEDIUM | 8.8 HIGH |
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. | |||||
CVE-2017-7584 | 1 Foxitsoftware | 1 Foxit Pdf Toolkit | 2017-04-11 | 6.8 MEDIUM | 7.8 HIGH |
Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file. | |||||
CVE-2016-3740 | 1 Foxitsoftware | 1 Foxit Reader | 2017-04-11 | 6.8 MEDIUM | 7.8 HIGH |
Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value in a crafted TIFF image that is mishandled during PDF conversion. This is fixed in 8.0. |