Foxit Reader for Mac
CVEs (178)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-26536 | 0.00 | — | 0.01 | Oct 2, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer dereference via a crafted PDF document. | |||
| CVE-2020-26537 | 0.00 | — | 0.01 | Oct 2, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write. | |||
| CVE-2020-26538 | 0.00 | — | 0.01 | Oct 2, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory. | |||
| CVE-2020-26539 | 0.00 | — | 0.02 | Oct 2, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field dictionaries), a use-after-free can occur with resultant remote code execution (or an information leak). | |||
| CVE-2020-26540 | 0.00 | — | 0.01 | Oct 2, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection (or an information leak) can occur. | |||
| CVE-2020-12248 | 0.00 | — | 0.02 | Sep 4, 2020 | In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled. | |||
| CVE-2020-12247 | 0.00 | — | 0.04 | Sep 4, 2020 | In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two parts. A crash may also occur. | |||
| CVE-2020-11493 | 0.00 | — | 0.01 | Sep 4, 2020 | In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject. | |||
| CVE-2019-20826 | 0.00 | — | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It has a NULL pointer dereference. | |||
| CVE-2019-20827 | 0.00 | — | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It allows stack consumption because of interaction between ICC-Based color space and Alternate color space. | |||
| CVE-2019-20828 | 0.00 | — | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs. | |||
| CVE-2019-20829 | 0.00 | — | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file. | |||
| CVE-2019-20830 | 0.00 | — | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used. | |||
| CVE-2019-20835 | 0.00 | — | 0.01 | Jun 4, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has homograph mishandling. | |||
| CVE-2019-20836 | 0.00 | — | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive. | |||
| CVE-2019-20837 | 0.00 | — | 0.01 | Jun 4, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures. | |||
| CVE-2018-21236 | 0.00 | — | 0.01 | Jun 4, 2020 | An issue was discovered in Foxit Reader before 2.4.4. It has a NULL pointer dereference. | |||
| CVE-2018-21239 | 0.00 | — | 0.01 | Jun 4, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action. | |||
| CVE-2018-21240 | 0.00 | — | 0.01 | Jun 4, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. | |||
| CVE-2019-20820 | 0.00 | — | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference during the parsing of file data. |
- CVE-2020-26536Oct 2, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer dereference via a crafted PDF document.
- CVE-2020-26537Oct 2, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write.
- CVE-2020-26538Oct 2, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory.
- CVE-2020-26539Oct 2, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field dictionaries), a use-after-free can occur with resultant remote code execution (or an information leak).
- CVE-2020-26540Oct 2, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection (or an information leak) can occur.
- CVE-2020-12248Sep 4, 2020risk 0.00cvss —epss 0.02
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled.
- CVE-2020-12247Sep 4, 2020risk 0.00cvss —epss 0.04
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two parts. A crash may also occur.
- CVE-2020-11493Sep 4, 2020risk 0.00cvss —epss 0.01
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.
- CVE-2019-20826Jun 4, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It has a NULL pointer dereference.
- CVE-2019-20827Jun 4, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It allows stack consumption because of interaction between ICC-Based color space and Alternate color space.
- CVE-2019-20828Jun 4, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.
- CVE-2019-20829Jun 4, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file.
- CVE-2019-20830Jun 4, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used.
- CVE-2019-20835Jun 4, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has homograph mishandling.
- CVE-2019-20836Jun 4, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive.
- CVE-2019-20837Jun 4, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures.
- CVE-2018-21236Jun 4, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Foxit Reader before 2.4.4. It has a NULL pointer dereference.
- CVE-2018-21239Jun 4, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action.
- CVE-2018-21240Jun 4, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call.
- CVE-2019-20820Jun 4, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference during the parsing of file data.
Page 4 of 9