Filtered by vendor Foxit
Subscribe
Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35990 | 1 Foxit | 1 Pdf Reader | 2023-08-17 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file. | |||||
| CVE-2022-28681 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2022-07-23 | N/A | 6.1 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the deletePages method. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16825. | |||||
| CVE-2022-27359 | 1 Foxit | 1 Pdf Reader | 2022-05-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| Foxit PDF Reader v11.2.1.53537 was discovered to contain a NULL pointer dereference via the component FoxitPDFReader.exe. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PHP file. | |||||
| CVE-2021-27517 | 1 Foxit | 2 Phantompdf, Reader | 2021-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert (in the Acrobat JavaScript API). | |||||