Foxit Reader Plugin
CVEs (285)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-10956 | Med | 0.42 | 6.5 | 0.02 | Dec 20, 2017 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific… | ||
| CVE-2017-10944 | Med | 0.42 | 6.5 | 0.02 | Oct 31, 2017 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific… | ||
| CVE-2017-10943 | Med | 0.42 | 6.5 | 0.02 | Oct 31, 2017 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific… | ||
| CVE-2017-10942 | Med | 0.42 | 6.5 | 0.02 | Oct 31, 2017 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific… | ||
| CVE-2015-2790 | 0.05 | — | 0.25 | Mar 30, 2015 | Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image. | |||
| CVE-2015-3632 | 0.03 | — | 0.06 | May 1, 2015 | Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file. | |||
| CVE-2015-2789 | 0.03 | — | 0.03 | Mar 30, 2015 | Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. | |||
| CVE-2022-37332 | 0.01 | — | 0.01 | Nov 21, 2022 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing media player API, which can lead to arbitrary code execution. An… | |||
| CVE-2025-32451 | 0.00 | — | 0.01 | Aug 13, 2025 | A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary… | |||
| CVE-2024-49576 | 0.00 | — | 0.01 | Dec 18, 2024 | A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code… | |||
| CVE-2024-47810 | 0.00 | — | 0.01 | Dec 18, 2024 | A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.… | |||
| CVE-2024-28888 | 0.00 | — | 0.02 | Oct 2, 2024 | A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code… | |||
| CVE-2024-29072 | 0.00 | — | 0.00 | May 28, 2024 | A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected… | |||
| CVE-2024-25938 | 0.00 | — | 0.16 | Apr 30, 2024 | A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary… | |||
| CVE-2024-25648 | 0.00 | — | 0.16 | Apr 30, 2024 | A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary… | |||
| CVE-2024-25575 | 0.00 | — | 0.18 | Apr 30, 2024 | A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code… | |||
| CVE-2023-39542 | 0.00 | — | 0.03 | Nov 27, 2023 | A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger… | |||
| CVE-2023-40194 | 0.00 | — | 0.02 | Nov 27, 2023 | An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code… | |||
| CVE-2023-35985 | 0.00 | — | 0.03 | Nov 27, 2023 | An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to… | |||
| CVE-2023-32616 | 0.00 | — | 0.02 | Nov 27, 2023 | A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code… |
- risk 0.42cvss 6.5epss 0.02
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…
- risk 0.42cvss 6.5epss 0.02
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…
- risk 0.42cvss 6.5epss 0.02
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…
- risk 0.42cvss 6.5epss 0.02
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…
- CVE-2015-2790Mar 30, 2015risk 0.05cvss —epss 0.25
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image.
- CVE-2015-3632May 1, 2015risk 0.03cvss —epss 0.06
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file.
- CVE-2015-2789Mar 30, 2015risk 0.03cvss —epss 0.03
Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.
- CVE-2022-37332Nov 21, 2022risk 0.01cvss —epss 0.01
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing media player API, which can lead to arbitrary code execution. An…
- CVE-2025-32451Aug 13, 2025risk 0.00cvss —epss 0.01
A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary…
- CVE-2024-49576Dec 18, 2024risk 0.00cvss —epss 0.01
A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code…
- CVE-2024-47810Dec 18, 2024risk 0.00cvss —epss 0.01
A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.…
- CVE-2024-28888Oct 2, 2024risk 0.00cvss —epss 0.02
A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code…
- CVE-2024-29072May 28, 2024risk 0.00cvss —epss 0.00
A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected…
- CVE-2024-25938Apr 30, 2024risk 0.00cvss —epss 0.16
A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary…
- CVE-2024-25648Apr 30, 2024risk 0.00cvss —epss 0.16
A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary…
- CVE-2024-25575Apr 30, 2024risk 0.00cvss —epss 0.18
A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code…
- CVE-2023-39542Nov 27, 2023risk 0.00cvss —epss 0.03
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger…
- CVE-2023-40194Nov 27, 2023risk 0.00cvss —epss 0.02
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code…
- CVE-2023-35985Nov 27, 2023risk 0.00cvss —epss 0.03
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to…
- CVE-2023-32616Nov 27, 2023risk 0.00cvss —epss 0.02
A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code…
Page 13 of 15