Reader
CVEs (263)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5556 | Hig | 0.53 | 8.1 | 0.04 | Jan 23, 2017 | The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. The vulnerability could lead to… | ||
| CVE-2016-3740 | Hig | 0.52 | 7.8 | 0.16 | Apr 4, 2017 | Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value in a crafted TIFF image that is mishandled during PDF conversion. This is fixed… | ||
| CVE-2018-16294 | Hig | 0.51 | 7.8 | 0.03 | Oct 8, 2018 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially… | ||
| CVE-2018-3966 | Hig | 0.51 | 7.8 | 0.06 | Oct 3, 2018 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker… | ||
| CVE-2018-3965 | Hig | 0.51 | 7.8 | 0.06 | Oct 3, 2018 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker… | ||
| CVE-2018-3961 | Hig | 0.51 | 7.8 | 0.02 | Oct 2, 2018 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Creator property of the this.info object. An attacker needs to trick the user to open the malicious… | ||
| CVE-2018-3958 | Hig | 0.51 | 7.8 | 0.03 | Oct 2, 2018 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Subject property of the this.info object. An attacker needs to trick the user to open the malicious… | ||
| CVE-2018-3957 | Hig | 0.51 | 7.8 | 0.03 | Oct 2, 2018 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Keywords property of the this.info object. An attacker needs to trick the user to open the malicious… | ||
| CVE-2016-6169 | Hig | 0.51 | 7.8 | 0.05 | Feb 7, 2018 | Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (memory corruption and application crash) or potentially execute arbitrary code via the Bezier data in a crafted PDF file. | ||
| CVE-2016-6168 | Hig | 0.51 | 7.8 | 0.03 | Feb 7, 2018 | Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a crafted PDF file. | ||
| CVE-2017-15768 | Hig | 0.51 | 7.8 | 0.01 | Oct 22, 2017 | IrfanView version 4.50 - 64bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file, related to "Data from Faulting Address controls Branch Selection starting at image000007f7_42060000+0x0000000000094113." | ||
| CVE-2017-15767 | Hig | 0.51 | 7.8 | 0.01 | Oct 22, 2017 | IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV near NULL starting at CADIMAGE+0x00000000003d5b52." | ||
| CVE-2017-14694 | Hig | 0.51 | 7.8 | 0.07 | Sep 22, 2017 | Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow… | ||
| CVE-2017-14692 | Hig | 0.51 | 7.8 | 0.00 | Sep 22, 2017 | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b." | ||
| CVE-2017-14691 | Hig | 0.51 | 7.8 | 0.00 | Sep 22, 2017 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_773a0000!RtlAddAccessAllowedAce+0x000000000000027a." | ||
| CVE-2017-14690 | Hig | 0.51 | 7.8 | 0.00 | Sep 22, 2017 | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000064e7." | ||
| CVE-2017-14689 | Hig | 0.51 | 7.8 | 0.00 | Sep 22, 2017 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at… | ||
| CVE-2017-14688 | Hig | 0.51 | 7.8 | 0.00 | Sep 22, 2017 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Read Access Violation starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d917." | ||
| CVE-2017-14310 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000001869." | ||
| CVE-2017-14309 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ec8." |
- risk 0.53cvss 8.1epss 0.04
The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. The vulnerability could lead to…
- risk 0.52cvss 7.8epss 0.16
Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value in a crafted TIFF image that is mishandled during PDF conversion. This is fixed…
- risk 0.51cvss 7.8epss 0.03
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially…
- risk 0.51cvss 7.8epss 0.06
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker…
- risk 0.51cvss 7.8epss 0.06
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker…
- risk 0.51cvss 7.8epss 0.02
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Creator property of the this.info object. An attacker needs to trick the user to open the malicious…
- risk 0.51cvss 7.8epss 0.03
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Subject property of the this.info object. An attacker needs to trick the user to open the malicious…
- risk 0.51cvss 7.8epss 0.03
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Keywords property of the this.info object. An attacker needs to trick the user to open the malicious…
- risk 0.51cvss 7.8epss 0.05
Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (memory corruption and application crash) or potentially execute arbitrary code via the Bezier data in a crafted PDF file.
- risk 0.51cvss 7.8epss 0.03
Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a crafted PDF file.
- risk 0.51cvss 7.8epss 0.01
IrfanView version 4.50 - 64bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file, related to "Data from Faulting Address controls Branch Selection starting at image000007f7_42060000+0x0000000000094113."
- risk 0.51cvss 7.8epss 0.01
IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV near NULL starting at CADIMAGE+0x00000000003d5b52."
- risk 0.51cvss 7.8epss 0.07
Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow…
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_773a0000!RtlAddAccessAllowedAce+0x000000000000027a."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000064e7."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at…
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Read Access Violation starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d917."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000001869."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ec8."
Page 7 of 14