PhantomPDF Mac
CVEs (226)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-20817 | Hig | 0.49 | 7.5 | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference. | ||
| CVE-2019-20816 | Hig | 0.49 | 7.5 | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference during the parsing of file data. | ||
| CVE-2019-20815 | Hig | 0.49 | 7.5 | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing. | ||
| CVE-2019-20814 | Hig | 0.49 | 7.5 | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows memory consumption because data is created for each page of an application level. | ||
| CVE-2019-20813 | Hig | 0.49 | 7.5 | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference. | ||
| CVE-2020-13810 | Hig | 0.49 | 7.5 | 0.01 | Jun 4, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation bypass via a modified file or a file with non-standard signatures. | ||
| CVE-2020-13809 | Hig | 0.49 | 7.5 | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream. | ||
| CVE-2020-13808 | Hig | 0.49 | 7.5 | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data. | ||
| CVE-2020-13807 | Hig | 0.49 | 7.5 | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference mishandling that causes a loop. | ||
| CVE-2020-13806 | Hig | 0.49 | 7.5 | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation. | ||
| CVE-2020-13803 | Hig | 0.49 | 7.5 | 0.01 | Jun 4, 2020 | An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signature validation bypass via a modified file or a file with non-standard signatures. | ||
| CVE-2019-14215 | Hig | 0.49 | 7.5 | 0.02 | Jul 21, 2019 | An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling xfa.event.rest XFA JavaScript due to accessing a wild pointer. | ||
| CVE-2019-14214 | Hig | 0.49 | 7.5 | 0.02 | Jul 21, 2019 | An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a JavaScript Denial of Service when deleting pages in a document that contains only one page by calling a "t.hidden = true" function. | ||
| CVE-2019-14213 | Hig | 0.49 | 7.5 | 0.02 | Jul 21, 2019 | An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the repeated release of the signature dictionary during CSG_SignatureF and CPDF_Document destruction. | ||
| CVE-2019-14212 | Hig | 0.49 | 7.5 | 0.02 | Jul 21, 2019 | An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling certain XFA JavaScript due to the use of, or access to, a NULL pointer without proper validation on the object. | ||
| CVE-2019-14211 | Hig | 0.49 | 7.5 | 0.02 | Jul 21, 2019 | An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the lack of proper validation of the existence of an object prior to performing operations on that object when executing JavaScript. | ||
| CVE-2019-14210 | Hig | 0.49 | 7.5 | 0.02 | Jul 21, 2019 | An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Memory Corruption due to the use of an invalid pointer copy, resulting from a destructed string object. | ||
| CVE-2019-14208 | Hig | 0.49 | 7.5 | 0.02 | Jul 21, 2019 | An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a NULL pointer dereference and crash when getting a PDF object from a document, or parsing a certain portfolio that contains a null dictionary. | ||
| CVE-2019-14207 | Hig | 0.49 | 7.5 | 0.02 | Jul 21, 2019 | An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling the clone function due to an endless loop resulting from confusing relationships between a child and parent object (caused by an append error). | ||
| CVE-2018-17781 | Hig | 0.49 | 7.5 | 0.02 | Sep 29, 2018 | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled. |
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference during the parsing of file data.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows memory consumption because data is created for each page of an application level.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation bypass via a modified file or a file with non-standard signatures.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference mishandling that causes a loop.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signature validation bypass via a modified file or a file with non-standard signatures.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling xfa.event.rest XFA JavaScript due to accessing a wild pointer.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a JavaScript Denial of Service when deleting pages in a document that contains only one page by calling a "t.hidden = true" function.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the repeated release of the signature dictionary during CSG_SignatureF and CPDF_Document destruction.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling certain XFA JavaScript due to the use of, or access to, a NULL pointer without proper validation on the object.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the lack of proper validation of the existence of an object prior to performing operations on that object when executing JavaScript.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Memory Corruption due to the use of an invalid pointer copy, resulting from a destructed string object.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a NULL pointer dereference and crash when getting a PDF object from a document, or parsing a certain portfolio that contains a null dictionary.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling the clone function due to an endless loop resulting from confusing relationships between a child and parent object (caused by an append error).
- risk 0.49cvss 7.5epss 0.02
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled.
Page 9 of 12