VYPR

Foxit Reader Plugin

by Foxitsoftware

CVEs (285)

  • CVE-2017-10956MedDec 20, 2017
    risk 0.42cvss 6.5epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2017-10944MedOct 31, 2017
    risk 0.42cvss 6.5epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2017-10943MedOct 31, 2017
    risk 0.42cvss 6.5epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2017-10942MedOct 31, 2017
    risk 0.42cvss 6.5epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2015-2790Mar 30, 2015
    risk 0.05cvss epss 0.25

    Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image.

  • CVE-2015-3632May 1, 2015
    risk 0.03cvss epss 0.06

    Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file.

  • CVE-2015-2789Mar 30, 2015
    risk 0.03cvss epss 0.03

    Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.

  • CVE-2022-37332Nov 21, 2022
    risk 0.01cvss epss 0.01

    A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing media player API, which can lead to arbitrary code execution. An…

  • CVE-2025-32451Aug 13, 2025
    risk 0.00cvss epss 0.01

    A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary…

  • CVE-2024-49576Dec 18, 2024
    risk 0.00cvss epss 0.01

    A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code…

  • CVE-2024-47810Dec 18, 2024
    risk 0.00cvss epss 0.01

    A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.…

  • CVE-2024-28888Oct 2, 2024
    risk 0.00cvss epss 0.02

    A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code…

  • CVE-2024-29072May 28, 2024
    risk 0.00cvss epss 0.00

    A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected…

  • CVE-2024-25938Apr 30, 2024
    risk 0.00cvss epss 0.16

    A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary…

  • CVE-2024-25648Apr 30, 2024
    risk 0.00cvss epss 0.16

    A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary…

  • CVE-2024-25575Apr 30, 2024
    risk 0.00cvss epss 0.18

    A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code…

  • CVE-2023-39542Nov 27, 2023
    risk 0.00cvss epss 0.03

    A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger…

  • CVE-2023-40194Nov 27, 2023
    risk 0.00cvss epss 0.02

    An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code…

  • CVE-2023-35985Nov 27, 2023
    risk 0.00cvss epss 0.03

    An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to…

  • CVE-2023-32616Nov 27, 2023
    risk 0.00cvss epss 0.02

    A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code…