Foxitsoftware

All CVEs

1,142 total · sorted by risk
  • CVE-2026-5942 · Med · Apr 27, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program.

  • CVE-2026-5939 · Med · Apr 27, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in arbitrary code execution.

  • CVE-2026-5938 · Med · Apr 27, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service.

  • CVE-2026-5937 · Med · Apr 27, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate.

  • CVE-2026-3777 · Med · Apr 1, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed…

  • CVE-2026-3776 · Med · Apr 1, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity…

  • CVE-2025-49419 · Med · Jun 6, 2025
    risk 0.36 · cvss 5.5 · epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress esign-genie-for-wp allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n/a through <= 2.0.3.

  • CVE-2017-16814 · Med · Feb 26, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    A Directory Traversal issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. This occurs by abusing the URL + escape character during a Wi-Fi transfer, which could be exploited by attackers to bypass intended restrictions on local application files.

  • CVE-2017-16813 · Med · Feb 26, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    A denial-of-service issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. This occurs when a user uploads a file that includes a hexadecimal Unicode character in the "filename" parameter via Wi-Fi, since the app could fail to parse this.

  • CVE-2016-4062 · Med · Apr 22, 2016
    risk 0.36 · cvss 5.5 · epss 0.01

    Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, which allows remote attackers to cause a denial of service (application hang) via a crafted PDF.

  • CVE-2016-8875 · Med · Oct 31, 2016
    risk 0.35 · cvss 5.3 · epss 0.01

    The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image, aka "Data from Faulting Address is used as one…

  • CVE-2026-3774 · Med · Apr 1, 2026
    risk 0.31 · cvss 4.7 · epss 0.00

    The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered…

  • CVE-2017-6883 · Med · Mar 14, 2017
    risk 0.31 · cvss 4.7 · epss 0.03

    The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image. The vulnerability could lead to…

  • CVE-2009-0837 · Mar 10, 2009
    risk 0.09 · cvss · epss 0.76

    Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the "Open/Execute a file"…

  • CVE-2023-27363 · May 3, 2024
    risk 0.06 · cvss · epss 0.47

    Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the…

  • CVE-2009-0836 · Mar 10, 2009
    risk 0.06 · cvss · epss 0.41

    Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote attackers to execute arbitrary programs and have unspecified other impact via…

  • CVE-2020-14425 · Nov 2, 2020
    risk 0.05 · cvss · epss 0.39

    Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavaScript API. An attacker can execute local files and bypass the security dialog.

  • CVE-2015-2790 · Mar 30, 2015
    risk 0.05 · cvss · epss 0.25

    Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image.

  • CVE-2018-20247 · Dec 24, 2018
    risk 0.04 · cvss · epss 0.54

    In Foxit Quick PDF Library (all versions prior to 16.12), loading a malformed or malicious PDF containing a recursive page tree structure using the LoadFromFile, LoadFromString or LoadFromStream functions results in a stack overflow.

  • CVE-2010-1239 · Apr 5, 2010
    risk 0.04 · cvss · epss 0.08

    Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified "/Launch /Action" sequence, a related issue to…

  • CVE-2008-7031 · Aug 24, 2009
    risk 0.04 · cvss · epss 0.08

    Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151.

  • CVE-2008-0151 · Jan 9, 2008
    risk 0.04 · cvss · epss 0.09

    Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Telnet request with long options.

  • CVE-2007-2186 · Apr 24, 2007
    risk 0.04 · cvss · epss 0.08

    Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.

  • CVE-2015-3632 · May 1, 2015
    risk 0.03 · cvss · epss 0.06

    Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file.

  • CVE-2015-2789 · Mar 30, 2015
    risk 0.03 · cvss · epss 0.03

    Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.

  • CVE-2022-28672 · Jul 18, 2022
    risk 0.02 · cvss · epss 0.02

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2021-21822 · May 10, 2021
    risk 0.02 · cvss · epss 0.02

    A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the…

  • CVE-2020-13548 · Feb 10, 2021
    risk 0.02 · cvss · epss 0.67

    In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is…

  • CVE-2020-13560 · Dec 22, 2020
    risk 0.02 · cvss · epss 0.03

    A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the…

  • CVE-2020-8844 · Feb 13, 2020
    risk 0.02 · cvss · epss 0.31

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2008-1104 · May 21, 2008
    risk 0.02 · cvss · epss 0.23

    Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file, related to the util.printf JavaScript function and floating point specifiers in format strings.

  • CVE-2022-37332 · Nov 21, 2022
    risk 0.01 · cvss · epss 0.01

    A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing media player API, which can lead to arbitrary code execution. An…

  • CVE-2021-31471 · May 7, 2021
    risk 0.01 · cvss · epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2021-31469 · May 7, 2021
    risk 0.01 · cvss · epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2021-31448 · May 7, 2021
    risk 0.01 · cvss · epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2021-31447 · May 7, 2021
    risk 0.01 · cvss · epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2021-31446 · May 7, 2021
    risk 0.01 · cvss · epss 0.03

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2021-31445 · May 7, 2021
    risk 0.01 · cvss · epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2021-31444 · May 7, 2021
    risk 0.01 · cvss · epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2021-31443 · May 7, 2021
    risk 0.01 · cvss · epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2021-27266 · Mar 30, 2021
    risk 0.01 · cvss · epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The…

  • CVE-2021-27265 · Mar 30, 2021
    risk 0.01 · cvss · epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The…

  • CVE-2021-27264 · Mar 30, 2021
    risk 0.01 · cvss · epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The…

  • CVE-2021-27263 · Mar 30, 2021
    risk 0.01 · cvss · epss 0.03

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The…

  • CVE-2021-27262 · Mar 30, 2021
    risk 0.01 · cvss · epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The…

  • CVE-2020-13557 · Dec 22, 2020
    risk 0.01 · cvss · epss 0.71

    A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the…

  • CVE-2020-17411 · Oct 13, 2020
    risk 0.01 · cvss · epss 0.03

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The…

  • CVE-2020-8856 · Feb 13, 2020
    risk 0.01 · cvss · epss 0.20

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25608. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2020-8845 · Feb 13, 2020
    risk 0.01 · cvss · epss 0.19

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2020-8846 · Feb 13, 2020
    risk 0.01 · cvss · epss 0.20

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…
