VYPR

Foxit Reader for Mac

by Foxitsoftware

CVEs (178)

  • CVE-2020-26536Oct 2, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer dereference via a crafted PDF document.

  • CVE-2020-26537Oct 2, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write.

  • CVE-2020-26538Oct 2, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory.

  • CVE-2020-26539Oct 2, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field dictionaries), a use-after-free can occur with resultant remote code execution (or an information leak).

  • CVE-2020-26540Oct 2, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection (or an information leak) can occur.

  • CVE-2020-12248Sep 4, 2020
    risk 0.00cvss epss 0.02

    In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled.

  • CVE-2020-12247Sep 4, 2020
    risk 0.00cvss epss 0.04

    In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two parts. A crash may also occur.

  • CVE-2020-11493Sep 4, 2020
    risk 0.00cvss epss 0.01

    In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.

  • CVE-2019-20826Jun 4, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It has a NULL pointer dereference.

  • CVE-2019-20827Jun 4, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It allows stack consumption because of interaction between ICC-Based color space and Alternate color space.

  • CVE-2019-20828Jun 4, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.

  • CVE-2019-20829Jun 4, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file.

  • CVE-2019-20830Jun 4, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used.

  • CVE-2019-20835Jun 4, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has homograph mishandling.

  • CVE-2019-20836Jun 4, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive.

  • CVE-2019-20837Jun 4, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures.

  • CVE-2018-21236Jun 4, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Foxit Reader before 2.4.4. It has a NULL pointer dereference.

  • CVE-2018-21239Jun 4, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action.

  • CVE-2018-21240Jun 4, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call.

  • CVE-2019-20820Jun 4, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference during the parsing of file data.

Page 4 of 9