Foxit Pdf Reader vulnerabilities
310 known vulnerabilities affecting foxit/pdf_reader.
Total CVEs
310
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH239MEDIUM38LOW30
Vulnerabilities
Page 10 of 16
CVE-2024-30335HIGHCVSS 7.1≤ 2023.3.0.23028v2023.2.0.214082024-04-02
CVE-2024-30335 [HIGH] CWE-125 CVE-2024-30335: Foxit PDF Reader AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This v
Foxit PDF Reader AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Th
nvd
CVE-2024-30337HIGHCVSS 7.8≤ 2023.3.0.23028v2023.3.0.230282024-04-02
CVE-2024-30337 [HIGH] CWE-416 CVE-2024-30337: Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability all
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists w
nvd
CVE-2024-30363MEDIUMCVSS 5.5≤ 2023.3.0.63083≤ 2023.3.0.23028+1 more2024-04-02
CVE-2024-30363 [MEDIUM] CWE-125 CVE-2024-30363: Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vuln
Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The
nvd
CVE-2024-30356LOWCVSS 3.3≤ 2023.3.0.23028v2023.3.0.230282024-04-02
CVE-2024-30356 [LOW] CWE-125 CVE-2024-30356: Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerabilit
Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific f
nvd
CVE-2024-30347LOWCVSS 3.3fixed in 2023.3.0.23028v2023.3.0.230282024-04-02
CVE-2024-30347 [LOW] CWE-125 CVE-2024-30347: Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vuln
Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The sp
nvd
CVE-2024-30350LOWCVSS 3.3≤ 2023.3.0.23028v2023.3.0.230282024-04-02
CVE-2024-30350 [LOW] CWE-125 CVE-2024-30350: Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerabil
Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific
nvd
CVE-2024-30364LOWCVSS 3.3≤ 2023.3.0.23028v2023.3.0.230282024-04-02
CVE-2024-30364 [LOW] CWE-125 CVE-2024-30364: Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vuln
Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The sp
nvd
CVE-2024-30340LOWCVSS 3.3≤ 2023.3.0.23028v2023.3.0.230282024-04-02
CVE-2024-30340 [LOW] CWE-125 CVE-2024-30340: Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerabil
Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific
nvd
CVE-2024-25858HIGHCVSS 8.4fixed in 2024.42024-03-05
CVE-2024-25858 [HIGH] CWE-450 CVE-2024-25858: In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code execution via JavaScript could
In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code execution via JavaScript could occur because of an unoptimized prompt message for users to review parameters of commands.
nvd
CVE-2020-35990MEDIUMCVSS 5.5≤ 10.1.0.375272023-08-11
CVE-2020-35990 [MEDIUM] CWE-120 CVE-2020-35990: Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software
Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file.
nvd
CVE-2023-28744HIGHCVSS 8.8v12.1.1.152892023-07-19
CVE-2023-28744 [HIGH] CWE-416 CVE-2023-28744: A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, versi
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. A specially crafted PDF document can trigger the reuse of previously freed memory by manipulating form fields of a specific type. This can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user into
nvd
CVE-2023-33876HIGHCVSS 8.8v12.1.2.153322023-07-19
CVE-2023-33876 [HIGH] CWE-416 CVE-2023-33876: A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annota
A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. Specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the mal
nvd
CVE-2023-33866HIGHCVSS 8.8v12.1.2.153322023-07-19
CVE-2023-33866 [HIGH] CWE-416 CVE-2023-33866: A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, versi
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the m
nvd
CVE-2023-32664HIGHCVSS 7.8v12.1.2.153322023-07-19
CVE-2023-32664 [HIGH] CWE-843 CVE-2023-32664: A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit
A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. Specially crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. User would need to open a malicious file to trigger the vulnerability.
nvd
CVE-2023-27379HIGHCVSS 8.8v12.1.2.153322023-07-19
CVE-2023-27379 [HIGH] CWE-416 CVE-2023-27379: A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, versi
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the m
nvd
CVE-2023-33240HIGHCVSS 7.8≤ 12.1.1.152892023-05-19
CVE-2023-33240 [HIGH] CWE-276 CVE-2023-33240: Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x
Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system servic
nvd
CVE-2022-37391HIGHCVSS 7.8fixed in 12.0.1v11.2.2.535752023-03-29
CVE-2022-37391 [HIGH] CWE-416 CVE-2022-37391: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack o
nvd
CVE-2022-43637HIGHCVSS 7.8fixed in 12.0.2v12.0.1.124302023-03-29
CVE-2022-43637 [HIGH] CWE-416 CVE-2022-43637: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of
nvd
CVE-2022-37390HIGHCVSS 7.8fixed in 12.0.1v11.2.2.535752023-03-29
CVE-2022-37390 [HIGH] CWE-416 CVE-2022-37390: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack o
nvd
CVE-2022-37385HIGHCVSS 7.8fixed in 12.0.1v11.2.1.535372023-03-29
CVE-2022-37385 [HIGH] CWE-416 CVE-2022-37385: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack
nvd