VYPR
Vendor

Foxitsoftware

Products
37
CVEs
1,142
Across products
1,613
Status
Private

Products

37
View all 37 products →

Recent CVEs

1,142
View all 1,142 CVEs →
  • CVE-2013-10068CriAug 5, 2025
    risk 0.70cvss epss 0.01

    Foxit Reader versions through 5.4.5.0114, including the bundled Foxit Reader Plugin 2.2.1.530, contains a stack-based buffer overflow vulnerability in the npFoxitReaderPlugin.dll module. When a PDF file is loaded from a remote host, an overly long query string in the URL can…

  • CVE-2026-34621HigKEVApr 11, 2026
    risk 0.69cvss 8.6epss 0.07

    Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user.…

  • CVE-2018-9958HigMay 17, 2018
    risk 0.65cvss 8.8epss 0.63

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2018-17611CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.03

    Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.

  • CVE-2018-17610CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.03

    Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.

  • CVE-2018-17609CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.03

    Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.

  • CVE-2018-17608CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.03

    Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.

  • CVE-2018-17607CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.03

    Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.

  • CVE-2018-14442CriJul 20, 2018
    risk 0.64cvss 9.8epss 0.05

    Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs.

  • CVE-2018-3924HigAug 1, 2018
    risk 0.61cvss 8.8epss 0.44

    An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker…

  • CVE-2018-3843HigApr 19, 2018
    risk 0.59cvss 8.8epss 0.24

    An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive…

  • CVE-2010-20010HigAug 20, 2025
    risk 0.58cvss epss 0.00

    Foxit PDF Reader before 4.2.0.0928 does not properly bound-check the /Title entry in the PDF Info dictionary. A specially crafted PDF with an overlong Title string can overflow a fixed-size stack buffer, corrupt the Structured Exception Handler (SEH) chain, and lead to arbitrary…

  • CVE-2011-10030HigAug 20, 2025
    risk 0.58cvss epss 0.00

    Foxit PDF Reader <  4.3.1.0218 exposes a JavaScript API function, createDataObject(), that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or scripts into privileged…

  • CVE-2018-14295HigJul 31, 2018
    risk 0.58cvss 8.8epss 0.09

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The…

  • CVE-2018-7407HigMay 24, 2018
    risk 0.58cvss 8.8epss 0.04

    An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.…

  • CVE-2018-7406HigMay 24, 2018
    risk 0.58cvss 8.8epss 0.04

    An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.…

  • CVE-2018-5679HigMay 24, 2018
    risk 0.58cvss 8.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious…

  • CVE-2018-5678HigMay 24, 2018
    risk 0.58cvss 8.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious…

  • CVE-2018-5677HigMay 24, 2018
    risk 0.58cvss 8.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious…

  • CVE-2018-5675HigMay 24, 2018
    risk 0.58cvss 8.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious…