VYPR

Reader

by Foxitsoftware

CVEs (263)

  • CVE-2017-14288HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x0000000000002ff7."

  • CVE-2017-14287HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "Read Access Violation on Control Flow starting at STDUJBIG2File+0x00000000000015eb."

  • CVE-2017-14286HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000cb8c."

  • CVE-2017-14285HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x00000…

  • CVE-2017-14279HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005643."

  • CVE-2017-8455HigMay 3, 2017
    risk 0.51cvss 7.8epss 0.04

    Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.

  • CVE-2016-8856HigOct 31, 2016
    risk 0.51cvss 7.8epss 0.01

    Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were…

  • CVE-2016-4065HigApr 22, 2016
    risk 0.51cvss 7.8epss 0.03

    The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted (1) JPEG, (2) GIF, or (3) BMP image.

  • CVE-2016-4064HigApr 22, 2016
    risk 0.51cvss 7.8epss 0.04

    Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call.

  • CVE-2016-4063HigApr 22, 2016
    risk 0.51cvss 7.8epss 0.05

    Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document.

  • CVE-2016-4059HigApr 22, 2016
    risk 0.51cvss 7.8epss 0.04

    Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document.

  • CVE-2018-9948MedMay 17, 2018
    risk 0.50cvss 6.5epss 0.64

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2018-17781HigSep 29, 2018
    risk 0.49cvss 7.5epss 0.02

    Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled.

  • CVE-2016-8876HigOct 31, 2016
    risk 0.49cvss 7.5epss 0.02

    Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image embedded in the XFA stream in a PDF document, aka "Read Access Violation starting at…

  • CVE-2016-4061HigApr 22, 2016
    risk 0.49cvss 7.5epss 0.01

    Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream.

  • CVE-2016-4060HigApr 22, 2016
    risk 0.49cvss 7.5epss 0.01

    Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

  • CVE-2018-3962HigOct 2, 2018
    risk 0.48cvss 7.3epss 0.03

    A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the CreationDate property of the this.info object. An attacker needs to trick the user to open the…

  • CVE-2017-10994HigJul 7, 2017
    risk 0.48cvss 7.3epss 0.05

    Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document.

  • CVE-2015-8843HigApr 13, 2016
    risk 0.48cvss 7.4epss 0.01

    The Foxit Cloud Update Service (FoxitCloudUpdateService) in Foxit Reader 6.1 through 6.2.x and 7.x before 7.2.2, when an update to the Cloud plugin is available, allows local users to gain privileges by writing crafted data to a shared memory region, which triggers memory…

  • CVE-2016-8334MedJan 6, 2017
    risk 0.46cvss 6.8epss 0.19

    A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR.

Page 9 of 14