VYPR

Reader

by Foxitsoftware

CVEs (263)

  • CVE-2013-10068CriAug 5, 2025
    risk 0.70cvss epss 0.01

    Foxit Reader versions through 5.4.5.0114, including the bundled Foxit Reader Plugin 2.2.1.530, contains a stack-based buffer overflow vulnerability in the npFoxitReaderPlugin.dll module. When a PDF file is loaded from a remote host, an overly long query string in the URL can…

  • CVE-2026-34621HigKEVApr 11, 2026
    risk 0.69cvss 8.6epss 0.07

    Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user.…

  • CVE-2018-9958HigMay 17, 2018
    risk 0.65cvss 8.8epss 0.63

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2018-17611CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.03

    Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.

  • CVE-2018-17610CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.03

    Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.

  • CVE-2018-17609CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.03

    Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.

  • CVE-2018-17608CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.03

    Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.

  • CVE-2018-17607CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.03

    Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.

  • CVE-2018-7407HigMay 24, 2018
    risk 0.58cvss 8.8epss 0.04

    An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.…

  • CVE-2017-10952HigAug 29, 2017
    risk 0.58cvss 8.8epss 0.07

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2017-10951HigAug 29, 2017
    risk 0.58cvss 8.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2017-8454HigMay 3, 2017
    risk 0.58cvss 8.8epss 0.04

    Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.

  • CVE-2017-8453HigMay 3, 2017
    risk 0.58cvss 8.8epss 0.04

    Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.

  • CVE-2018-3997HigOct 8, 2018
    risk 0.57cvss 8.8epss 0.03

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker…

  • CVE-2018-3996HigOct 8, 2018
    risk 0.57cvss 8.8epss 0.03

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs…

  • CVE-2018-3992HigOct 8, 2018
    risk 0.57cvss 8.8epss 0.03

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker…

  • CVE-2018-3945HigOct 8, 2018
    risk 0.57cvss 8.8epss 0.03

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker…

  • CVE-2018-3942HigOct 8, 2018
    risk 0.57cvss 8.8epss 0.03

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs…

  • CVE-2018-3995HigOct 3, 2018
    risk 0.57cvss 8.8epss 0.03

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs…

  • CVE-2018-3994HigOct 3, 2018
    risk 0.57cvss 8.8epss 0.03

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker…

Page 1 of 14