VYPR

PDF Reader

by Foxitsoftware

CVEs (473)

  • CVE-2026-3777MedApr 1, 2026
    risk 0.36cvss 5.5epss 0.00

    The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed…

  • CVE-2026-3776MedApr 1, 2026
    risk 0.36cvss 5.5epss 0.00

    The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity…

  • CVE-2026-3774MedApr 1, 2026
    risk 0.31cvss 4.7epss 0.00

    The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered…

  • CVE-2023-27363May 3, 2024
    risk 0.06cvss epss 0.47

    Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the…

  • CVE-2007-2186Apr 24, 2007
    risk 0.04cvss epss 0.08

    Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.

  • CVE-2022-28672Jul 18, 2022
    risk 0.02cvss epss 0.02

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2020-13548Feb 10, 2021
    risk 0.02cvss epss 0.67

    In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is…

  • CVE-2020-8844Feb 13, 2020
    risk 0.02cvss epss 0.31

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2021-31471May 7, 2021
    risk 0.01cvss epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2021-31469May 7, 2021
    risk 0.01cvss epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2021-31448May 7, 2021
    risk 0.01cvss epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2021-31447May 7, 2021
    risk 0.01cvss epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2021-31446May 7, 2021
    risk 0.01cvss epss 0.03

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2021-31445May 7, 2021
    risk 0.01cvss epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2021-31444May 7, 2021
    risk 0.01cvss epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2021-31443May 7, 2021
    risk 0.01cvss epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2019-5145Jan 16, 2020
    risk 0.01cvss epss 0.03

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick…

  • CVE-2018-17686Jan 24, 2019
    risk 0.01cvss epss 0.24

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2025-66499Dec 19, 2025
    risk 0.00cvss epss 0.00

    A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code.

  • CVE-2025-66498Dec 19, 2025
    risk 0.00cvss epss 0.00

    A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing U3D data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting…

Page 3 of 24