PDF Reader
CVEs (473)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-3777 | Med | 0.36 | 5.5 | 0.00 | Apr 1, 2026 | The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed… | ||
| CVE-2026-3776 | Med | 0.36 | 5.5 | 0.00 | Apr 1, 2026 | The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity… | ||
| CVE-2026-3774 | Med | 0.31 | 4.7 | 0.00 | Apr 1, 2026 | The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered… | ||
| CVE-2023-27363 | 0.06 | — | 0.47 | May 3, 2024 | Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the… | |||
| CVE-2007-2186 | 0.04 | — | 0.08 | Apr 24, 2007 | Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. | |||
| CVE-2022-28672 | 0.02 | — | 0.02 | Jul 18, 2022 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw… | |||
| CVE-2020-13548 | 0.02 | — | 0.67 | Feb 10, 2021 | In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is… | |||
| CVE-2020-8844 | 0.02 | — | 0.31 | Feb 13, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw… | |||
| CVE-2021-31471 | 0.01 | — | 0.02 | May 7, 2021 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific… | |||
| CVE-2021-31469 | 0.01 | — | 0.02 | May 7, 2021 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific… | |||
| CVE-2021-31448 | 0.01 | — | 0.02 | May 7, 2021 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific… | |||
| CVE-2021-31447 | 0.01 | — | 0.02 | May 7, 2021 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific… | |||
| CVE-2021-31446 | 0.01 | — | 0.03 | May 7, 2021 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific… | |||
| CVE-2021-31445 | 0.01 | — | 0.02 | May 7, 2021 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific… | |||
| CVE-2021-31444 | 0.01 | — | 0.02 | May 7, 2021 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific… | |||
| CVE-2021-31443 | 0.01 | — | 0.02 | May 7, 2021 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific… | |||
| CVE-2019-5145 | 0.01 | — | 0.03 | Jan 16, 2020 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick… | |||
| CVE-2018-17686 | 0.01 | — | 0.24 | Jan 24, 2019 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific… | |||
| CVE-2025-66499 | 0.00 | — | 0.00 | Dec 19, 2025 | A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code. | |||
| CVE-2025-66498 | 0.00 | — | 0.00 | Dec 19, 2025 | A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing U3D data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting… |
- risk 0.36cvss 5.5epss 0.00
The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed…
- risk 0.36cvss 5.5epss 0.00
The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity…
- risk 0.31cvss 4.7epss 0.00
The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered…
- CVE-2023-27363May 3, 2024risk 0.06cvss —epss 0.47
Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the…
- CVE-2007-2186Apr 24, 2007risk 0.04cvss —epss 0.08
Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
- CVE-2022-28672Jul 18, 2022risk 0.02cvss —epss 0.02
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…
- CVE-2020-13548Feb 10, 2021risk 0.02cvss —epss 0.67
In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is…
- CVE-2020-8844Feb 13, 2020risk 0.02cvss —epss 0.31
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…
- CVE-2021-31471May 7, 2021risk 0.01cvss —epss 0.02
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…
- CVE-2021-31469May 7, 2021risk 0.01cvss —epss 0.02
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…
- CVE-2021-31448May 7, 2021risk 0.01cvss —epss 0.02
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…
- CVE-2021-31447May 7, 2021risk 0.01cvss —epss 0.02
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…
- CVE-2021-31446May 7, 2021risk 0.01cvss —epss 0.03
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…
- CVE-2021-31445May 7, 2021risk 0.01cvss —epss 0.02
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…
- CVE-2021-31444May 7, 2021risk 0.01cvss —epss 0.02
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…
- CVE-2021-31443May 7, 2021risk 0.01cvss —epss 0.02
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…
- CVE-2019-5145Jan 16, 2020risk 0.01cvss —epss 0.03
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick…
- CVE-2018-17686Jan 24, 2019risk 0.01cvss —epss 0.24
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…
- CVE-2025-66499Dec 19, 2025risk 0.00cvss —epss 0.00
A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code.
- CVE-2025-66498Dec 19, 2025risk 0.00cvss —epss 0.00
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing U3D data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting…
Page 3 of 24