Filtered by vendor Foxitsoftware
Subscribe
Search
Total
794 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6169 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2018-02-24 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (memory corruption and application crash) or potentially execute arbitrary code via the Bezier data in a crafted PDF file. | |||||
| CVE-2016-6168 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2018-02-24 | 6.8 MEDIUM | 7.8 HIGH |
| Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a crafted PDF file. | |||||
| CVE-2017-14694 | 1 Foxitsoftware | 1 Foxit Reader | 2018-01-05 | 4.6 MEDIUM | 7.8 HIGH |
| Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f.". | |||||
| CVE-2017-10994 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2017-08-24 | 9.3 HIGH | 7.3 HIGH |
| Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document. | |||||
| CVE-2011-1908 | 1 Foxitsoftware | 1 Foxit Reader | 2017-08-17 | 9.3 HIGH | N/A |
| Integer overflow in the Type 1 font decoder in the FreeType engine in Foxit Reader before 4.0.0.0619 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font in a PDF document. | |||||
| CVE-2016-8856 | 1 Foxitsoftware | 1 Reader | 2017-07-29 | 4.6 MEDIUM | 7.8 HIGH |
| Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default, allowing an attacker to overwrite them with backdoor code, which when executed by privileged user would result in Privilege Escalation, Code Execution, or both. | |||||
| CVE-2017-8059 | 1 Foxitsoftware | 1 Foxit Pdf | 2017-05-17 | 4.3 MEDIUM | 8.1 HIGH |
| Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information (username/password), in addition to the static authentication token if the user is already logged in. | |||||
| CVE-2017-8455 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2017-05-12 | 6.8 MEDIUM | 7.8 HIGH |
| Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. | |||||
| CVE-2017-8453 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2017-05-12 | 6.8 MEDIUM | 8.8 HIGH |
| Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. | |||||
| CVE-2017-8454 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2017-05-12 | 6.8 MEDIUM | 8.8 HIGH |
| Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. | |||||
| CVE-2017-7584 | 1 Foxitsoftware | 1 Foxit Pdf Toolkit | 2017-04-12 | 6.8 MEDIUM | 7.8 HIGH |
| Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file. | |||||
| CVE-2016-3740 | 1 Foxitsoftware | 1 Foxit Reader | 2017-04-11 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value in a crafted TIFF image that is mishandled during PDF conversion. This is fixed in 8.0. | |||||
| CVE-2017-5364 | 1 Foxitsoftware | 1 Foxit Pdf Toolkit | 2017-02-03 | 6.8 MEDIUM | 7.8 HIGH |
| Memory Corruption Vulnerability in Foxit PDF Toolkit v1.3 allows an attacker to cause Denial of Service and Remote Code Execution when the victim opens the specially crafted PDF file. The Vulnerability has been fixed in v2.0. | |||||
| CVE-2017-5556 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2017-01-26 | 5.8 MEDIUM | 8.1 HIGH |
| The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. The vulnerability could lead to information disclosure; an attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. | |||||
| CVE-2016-8334 | 1 Foxitsoftware | 1 Reader | 2017-01-11 | 4.3 MEDIUM | 3.3 LOW |
| A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR. | |||||
| CVE-2015-3632 | 1 Foxitsoftware | 3 Enterprise Reader, Foxit Reader, Phantompdf | 2017-01-03 | 4.3 MEDIUM | N/A |
| Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file. | |||||
| CVE-2015-3633 | 1 Foxitsoftware | 3 Enterprise Reader, Foxit Reader, Phantompdf | 2017-01-03 | 5.0 MEDIUM | N/A |
| Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures. | |||||
| CVE-2015-2789 | 1 Foxitsoftware | 1 Foxit Reader | 2016-12-03 | 4.4 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. | |||||
| CVE-2015-2790 | 1 Foxitsoftware | 3 Enterprise Reader, Foxit Reader, Phantompdf | 2016-12-03 | 4.3 MEDIUM | N/A |
| Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image. | |||||
| CVE-2016-8876 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2016-11-29 | 6.8 MEDIUM | 7.5 HIGH |
| Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image embedded in the XFA stream in a PDF document, aka "Read Access Violation starting at FoxitReader." | |||||
| CVE-2016-8877 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2016-11-29 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted JPEG2000 image embedded in a PDF document, aka a "corrupted suffix pattern" issue. | |||||
| CVE-2016-8878 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2016-11-29 | 6.8 MEDIUM | 8.8 HIGH |
| Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka "Data from Faulting Address may be used as a return value starting at FOXITREADER." | |||||
| CVE-2016-8875 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2016-11-29 | 4.3 MEDIUM | 5.3 MEDIUM |
| The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image, aka "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ConvertToPDF_x86!CreateFXPDFConvertor." | |||||
| CVE-2016-8879 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2016-11-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| The thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted JPEG2000 image embedded in a PDF document, aka an "Exploitable - Heap Corruption" issue. | |||||
| CVE-2016-4060 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2016-4059 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2016-11-28 | 6.8 MEDIUM | 7.8 HIGH |
| Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document. | |||||
| CVE-2016-4062 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2016-11-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, which allows remote attackers to cause a denial of service (application hang) via a crafted PDF. | |||||
| CVE-2016-4063 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2016-11-28 | 6.8 MEDIUM | 7.8 HIGH |
| Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document. | |||||
| CVE-2016-4064 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2016-11-28 | 6.8 MEDIUM | 7.8 HIGH |
| Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call. | |||||
| CVE-2016-4061 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream. | |||||
| CVE-2011-3691 | 1 Foxitsoftware | 1 Foxit Reader | 2016-11-08 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll, dwrite.dll, or msdrm.dll in the current working directory. | |||||
| CVE-2015-8580 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2016-11-08 | 6.8 MEDIUM | N/A |
| Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary code via a crafted PDF document. | |||||
| CVE-2016-4065 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2016-11-08 | 6.8 MEDIUM | 7.8 HIGH |
| The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted (1) JPEG, (2) GIF, or (3) BMP image. | |||||
| CVE-2011-0332 | 1 Foxitsoftware | 2 Foxit Phantom, Foxit Reader | 2016-11-08 | 9.3 HIGH | N/A |
| Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom before 2.3.3.1112 allows remote attackers to execute arbitrary code via crafted ICC chunks in a PDF file, which triggers a heap-based buffer overflow. | |||||
| CVE-2015-8843 | 1 Foxitsoftware | 1 Foxit Reader | 2016-04-19 | 6.9 MEDIUM | 7.4 HIGH |
| The Foxit Cloud Update Service (FoxitCloudUpdateService) in Foxit Reader 6.1 through 6.2.x and 7.x before 7.2.2, when an update to the Cloud plugin is available, allows local users to gain privileges by writing crafted data to a shared memory region, which triggers memory corruption. | |||||
| CVE-2014-8074 | 1 Foxitsoftware | 1 Foxit Pdf Sdk Activex | 2016-04-04 | 6.8 MEDIUM | N/A |
| Buffer overflow in the SetLogFile method in Foxit.FoxitPDFSDKProCtrl.5 in Foxit PDF SDK ActiveX 2.3 through 5.0.1820 before 5.0.2.924 allows remote attackers to execute arbitrary code via a long string, related to global variables. | |||||
| CVE-2014-6853 | 1 Foxitsoftware | 1 Foxit Mobilepdf - Pdf Reader | 2014-11-14 | 5.4 MEDIUM | N/A |
| The Foxit MobilePDF - PDF Reader (aka com.foxit.mobile.pdf.lite) application 2.2.0.0616 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-4646 | 1 Foxitsoftware | 1 Foxit Pdf Sdk Dll | 2014-07-08 | 6.8 MEDIUM | N/A |
| Buffer overflow in the FPDFBookmark_GetTitle method in Foxit PDF SDK DLL before 3.1.1.5005 allows context-dependent attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2013-0107 | 1 Foxitsoftware | 1 Foxit Advanced Pdf Editor | 2013-01-30 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in Foxit Advanced PDF Editor 3 before 3.04 might allow remote attackers to execute arbitrary code via a crafted document containing instructions that reconstruct a certain security cookie. | |||||
| CVE-2012-4759 | 1 Foxitsoftware | 1 Foxit Reader | 2012-09-06 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in facebook_plugin.fpi in the Facebook plug-in in Foxit Reader 5.3.1.0606 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-4337 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Windows 7, Windows Xp | 2012-08-24 | 9.3 HIGH | N/A |
| Foxit Reader before 5.3 on Windows XP and Windows 7 allows remote attackers to execute arbitrary code via a PDF document with a crafted attachment that triggers calculation of a negative number during processing of cross references. | |||||
| CVE-2010-1239 | 1 Foxitsoftware | 1 Foxit Reader | 2010-04-06 | 9.3 HIGH | N/A |
| Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified "/Launch /Action" sequence, a related issue to CVE-2009-0836. | |||||
| CVE-2009-0691 | 1 Foxitsoftware | 2 Foxit Reader, Jpeg2000 Jbig2 Decoder Add-on | 2009-06-26 | 9.3 HIGH | N/A |
| The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an invalid memory access. | |||||
| CVE-2009-0690 | 1 Foxitsoftware | 2 Foxit Reader, Jpeg2000\/jbig2 Decoder Add-on | 2009-06-24 | 9.3 HIGH | N/A |
| The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a negative value for the stream offset in a JPEG2000 (aka JPX) stream, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an out-of-bounds read. | |||||