Vendor CVEs
Foxitsoftware
All CVEs
1,142 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-20309 | 0.00 | — | 0.01 | Jan 7, 2021 | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyGetAppEdition race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | |||
| CVE-2018-19418 | 0.00 | — | 0.08 | Jan 7, 2021 | Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the lack of a security permission control. | |||
| CVE-2020-35931 | 0.00 | — | 0.02 | Dec 31, 2020 | An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a… | |||
| CVE-2020-13547 | 0.00 | — | 0.03 | Dec 22, 2020 | A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs… | |||
| CVE-2020-13570 | 0.00 | — | 0.02 | Dec 22, 2020 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user… | |||
| CVE-2020-28203 | 0.00 | — | 0.02 | Dec 15, 2020 | An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier. There is a null pointer access/dereference while opening a crafted PDF file, leading the application to crash (denial of service). | |||
| CVE-2020-17417 | 0.00 | — | 0.09 | Oct 13, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw… | |||
| CVE-2020-17414 | 0.00 | — | 0.02 | Oct 13, 2020 | This vulnerability allows local attackers to escalate privileges on affected installations of Foxit Reader 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists… | |||
| CVE-2020-17415 | 0.00 | — | 0.02 | Oct 13, 2020 | This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PhantomPDF 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw… | |||
| CVE-2020-17416 | 0.00 | — | 0.09 | Oct 13, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw… | |||
| CVE-2020-17413 | 0.00 | — | 0.04 | Oct 13, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw… | |||
| CVE-2020-17412 | 0.00 | — | 0.04 | Oct 13, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw… | |||
| CVE-2020-17410 | 0.00 | — | 0.09 | Oct 13, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw… | |||
| CVE-2020-26534 | 0.00 | — | 0.02 | Oct 2, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution. | |||
| CVE-2020-26535 | 0.00 | — | 0.02 | Oct 2, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation (and read access violation). | |||
| CVE-2020-26536 | 0.00 | — | 0.01 | Oct 2, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer dereference via a crafted PDF document. | |||
| CVE-2020-26537 | 0.00 | — | 0.01 | Oct 2, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write. | |||
| CVE-2020-26538 | 0.00 | — | 0.01 | Oct 2, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory. | |||
| CVE-2020-26539 | 0.00 | — | 0.02 | Oct 2, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field dictionaries), a use-after-free can occur with resultant remote code execution (or an information leak). | |||
| CVE-2020-26540 | 0.00 | — | 0.01 | Oct 2, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection (or an information leak) can occur. | |||
| CVE-2020-12248 | 0.00 | — | 0.02 | Sep 4, 2020 | In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled. | |||
| CVE-2020-12247 | 0.00 | — | 0.04 | Sep 4, 2020 | In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two parts. A crash may also occur. | |||
| CVE-2020-11493 | 0.00 | — | 0.01 | Sep 4, 2020 | In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject. | |||
| CVE-2020-17404 | 0.00 | — | 0.05 | Aug 25, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw… | |||
| CVE-2020-17403 | 0.00 | — | 0.05 | Aug 25, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw… | |||
| CVE-2020-8869 | 0.00 | — | 0.05 | Aug 19, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw… | |||
| CVE-2020-8870 | 0.00 | — | 0.05 | Aug 19, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw… | |||
| CVE-2020-15638 | 0.00 | — | 0.06 | Aug 19, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw… | |||
| CVE-2020-15637 | 0.00 | — | 0.04 | Aug 19, 2020 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The… | |||
| CVE-2020-15630 | 0.00 | — | 0.05 | Aug 19, 2020 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The… | |||
| CVE-2020-15629 | 0.00 | — | 0.06 | Aug 19, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw… | |||
| CVE-2019-20823 | 0.00 | — | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs. | |||
| CVE-2019-20824 | 0.00 | — | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file. | |||
| CVE-2019-20825 | 0.00 | — | 0.01 | Jun 4, 2020 | An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an out-of-bounds write when Internet Explorer is used. | |||
| CVE-2019-20826 | 0.00 | — | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It has a NULL pointer dereference. | |||
| CVE-2019-20827 | 0.00 | — | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It allows stack consumption because of interaction between ICC-Based color space and Alternate color space. | |||
| CVE-2019-20828 | 0.00 | — | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs. | |||
| CVE-2019-20829 | 0.00 | — | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file. | |||
| CVE-2019-20830 | 0.00 | — | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used. | |||
| CVE-2019-20831 | 0.00 | — | 0.01 | Jun 4, 2020 | An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.5.0.20733. It has void data mishandling, causing a crash. | |||
| CVE-2019-20832 | 0.00 | — | 0.01 | Jun 4, 2020 | An issue was discovered in Foxit PhantomPDF before 8.3.10. It has homograph mishandling. | |||
| CVE-2019-20833 | 0.00 | — | 0.01 | Jun 4, 2020 | An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive. | |||
| CVE-2019-20834 | 0.00 | — | 0.01 | Jun 4, 2020 | An issue was discovered in Foxit PhantomPDF before 8.3.10. It allows signature validation bypass via a modified file or a file with non-standard signatures. | |||
| CVE-2019-20835 | 0.00 | — | 0.01 | Jun 4, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has homograph mishandling. | |||
| CVE-2019-20836 | 0.00 | — | 0.02 | Jun 4, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive. | |||
| CVE-2019-20837 | 0.00 | — | 0.01 | Jun 4, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures. | |||
| CVE-2018-21235 | 0.00 | — | 0.01 | Jun 4, 2020 | An issue was discovered in Foxit E-mail advertising system before September 2018. It allows authentication bypass and information disclosure, related to Interspire Email Marketer. | |||
| CVE-2018-21236 | 0.00 | — | 0.01 | Jun 4, 2020 | An issue was discovered in Foxit Reader before 2.4.4. It has a NULL pointer dereference. | |||
| CVE-2018-21237 | 0.00 | — | 0.01 | Jun 4, 2020 | An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action. | |||
| CVE-2018-21238 | 0.00 | — | 0.01 | Jun 4, 2020 | An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. |
- CVE-2018-20309Jan 7, 2021risk 0.00cvss —epss 0.01
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyGetAppEdition race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
- CVE-2018-19418Jan 7, 2021risk 0.00cvss —epss 0.08
Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the lack of a security permission control.
- CVE-2020-35931Dec 31, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a…
- CVE-2020-13547Dec 22, 2020risk 0.00cvss —epss 0.03
A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs…
- CVE-2020-13570Dec 22, 2020risk 0.00cvss —epss 0.02
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user…
- CVE-2020-28203Dec 15, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier. There is a null pointer access/dereference while opening a crafted PDF file, leading the application to crash (denial of service).
- CVE-2020-17417Oct 13, 2020risk 0.00cvss —epss 0.09
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…
- CVE-2020-17414Oct 13, 2020risk 0.00cvss —epss 0.02
This vulnerability allows local attackers to escalate privileges on affected installations of Foxit Reader 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists…
- CVE-2020-17415Oct 13, 2020risk 0.00cvss —epss 0.02
This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PhantomPDF 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw…
- CVE-2020-17416Oct 13, 2020risk 0.00cvss —epss 0.09
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…
- CVE-2020-17413Oct 13, 2020risk 0.00cvss —epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…
- CVE-2020-17412Oct 13, 2020risk 0.00cvss —epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…
- CVE-2020-17410Oct 13, 2020risk 0.00cvss —epss 0.09
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…
- CVE-2020-26534Oct 2, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution.
- CVE-2020-26535Oct 2, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation (and read access violation).
- CVE-2020-26536Oct 2, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer dereference via a crafted PDF document.
- CVE-2020-26537Oct 2, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write.
- CVE-2020-26538Oct 2, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory.
- CVE-2020-26539Oct 2, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field dictionaries), a use-after-free can occur with resultant remote code execution (or an information leak).
- CVE-2020-26540Oct 2, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection (or an information leak) can occur.
- CVE-2020-12248Sep 4, 2020risk 0.00cvss —epss 0.02
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled.
- CVE-2020-12247Sep 4, 2020risk 0.00cvss —epss 0.04
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two parts. A crash may also occur.
- CVE-2020-11493Sep 4, 2020risk 0.00cvss —epss 0.01
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.
- CVE-2020-17404Aug 25, 2020risk 0.00cvss —epss 0.05
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…
- CVE-2020-17403Aug 25, 2020risk 0.00cvss —epss 0.05
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…
- CVE-2020-8869Aug 19, 2020risk 0.00cvss —epss 0.05
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…
- CVE-2020-8870Aug 19, 2020risk 0.00cvss —epss 0.05
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…
- CVE-2020-15638Aug 19, 2020risk 0.00cvss —epss 0.06
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…
- CVE-2020-15637Aug 19, 2020risk 0.00cvss —epss 0.04
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The…
- CVE-2020-15630Aug 19, 2020risk 0.00cvss —epss 0.05
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The…
- CVE-2020-15629Aug 19, 2020risk 0.00cvss —epss 0.06
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…
- CVE-2019-20823Jun 4, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.
- CVE-2019-20824Jun 4, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file.
- CVE-2019-20825Jun 4, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an out-of-bounds write when Internet Explorer is used.
- CVE-2019-20826Jun 4, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It has a NULL pointer dereference.
- CVE-2019-20827Jun 4, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It allows stack consumption because of interaction between ICC-Based color space and Alternate color space.
- CVE-2019-20828Jun 4, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.
- CVE-2019-20829Jun 4, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file.
- CVE-2019-20830Jun 4, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used.
- CVE-2019-20831Jun 4, 2020risk 0.00cvss —epss 0.01
An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.5.0.20733. It has void data mishandling, causing a crash.
- CVE-2019-20832Jun 4, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Foxit PhantomPDF before 8.3.10. It has homograph mishandling.
- CVE-2019-20833Jun 4, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive.
- CVE-2019-20834Jun 4, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Foxit PhantomPDF before 8.3.10. It allows signature validation bypass via a modified file or a file with non-standard signatures.
- CVE-2019-20835Jun 4, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has homograph mishandling.
- CVE-2019-20836Jun 4, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive.
- CVE-2019-20837Jun 4, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures.
- CVE-2018-21235Jun 4, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Foxit E-mail advertising system before September 2018. It allows authentication bypass and information disclosure, related to Interspire Email Marketer.
- CVE-2018-21236Jun 4, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Foxit Reader before 2.4.4. It has a NULL pointer dereference.
- CVE-2018-21237Jun 4, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action.
- CVE-2018-21238Jun 4, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows memory consumption via an ArrayBuffer(0xfffffffe) call.
Page 17 of 23