Foxit Phantompdf vulnerabilities
88 known vulnerabilities affecting foxit/phantompdf.
Total CVEs
88
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH68MEDIUM9LOW11
Vulnerabilities
Page 1 of 5
CVE-2021-41782HIGHCVSS 7.8fixed in 10.1.62022-08-29
CVE-2021-41782 [HIGH] CWE-416 CVE-2021-41782: Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attacke
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.
nvd
CVE-2021-41781HIGHCVSS 7.8fixed in 10.1.62022-08-29
CVE-2021-41781 [HIGH] CWE-416 CVE-2021-41781: Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attacke
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.
nvd
CVE-2021-41780HIGHCVSS 7.8fixed in 10.1.62022-08-29
CVE-2021-41780 [HIGH] CWE-416 CVE-2021-41780: Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attacke
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.
nvd
CVE-2021-41785HIGHCVSS 7.8fixed in 10.1.62022-08-29
CVE-2021-41785 [HIGH] CWE-416 CVE-2021-41785: Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attacke
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.
nvd
CVE-2021-41784HIGHCVSS 7.8fixed in 10.1.62022-08-29
CVE-2021-41784 [HIGH] CWE-416 CVE-2021-41784: Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attacke
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.
nvd
CVE-2021-41783HIGHCVSS 7.8fixed in 10.1.62022-08-29
CVE-2021-41783 [HIGH] CWE-416 CVE-2021-41783: Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attacke
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.
nvd
CVE-2021-40326MEDIUMCVSS 5.5fixed in 10.1.62022-08-29
CVE-2021-40326 [MEDIUM] CWE-347 CVE-2021-40326: Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hid
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification.
nvd
CVE-2022-25641MEDIUMCVSS 5.5fixed in 10.1.82022-08-29
CVE-2022-25641 [MEDIUM] CVE-2022-25641: Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle
Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack.
nvd
CVE-2021-27517MEDIUMCVSS 6.1≤ 9.7.5.29616≥ 10.0.0.0, ≤ 10.1.3.375982021-07-20
CVE-2021-27517 [MEDIUM] CWE-79 CVE-2021-27517: Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the
Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert (in the Acrobat JavaScript API).
nvd
CVE-2021-31476HIGHCVSS 7.8v10.1.3.375982021-06-16
CVE-2021-31476 [HIGH] CWE-843 CVE-2021-31476: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA templates. The issue results from the la
cvelistv5nvd
CVE-2021-27261HIGHCVSS 7.8v10.1.0.375272021-03-30
CVE-2021-27261 [HIGH] CWE-125 CVE-2021-27261: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results
cvelistv5nvd
CVE-2021-27267HIGHCVSS 7.8v10.1.0.375272021-03-30
CVE-2021-27267 [HIGH] CWE-416 CVE-2021-27267: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results
cvelistv5nvd
CVE-2021-27268HIGHCVSS 7.8v10.1.0.375272021-03-30
CVE-2021-27268 [HIGH] CWE-416 CVE-2021-27268: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results
cvelistv5nvd
CVE-2021-27269HIGHCVSS 7.8v10.1.0.375272021-03-30
CVE-2021-27269 [HIGH] CWE-787 CVE-2021-27269: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results
cvelistv5nvd
CVE-2021-27270HIGHCVSS 7.8v10.1.0.375272021-03-30
CVE-2021-27270 [HIGH] CWE-125 CVE-2021-27270: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the l
cvelistv5nvd
CVE-2021-27271HIGHCVSS 7.8v10.1.0.375272021-03-30
CVE-2021-27271 [HIGH] CWE-125 CVE-2021-27271: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue
cvelistv5nvd
CVE-2021-27262LOWCVSS 3.3v10.1.0.375272021-03-30
CVE-2021-27262 [LOW] CWE-125 CVE-2021-27262: This vulnerability allows remote attackers to disclose sensitive information on affected installatio
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. Th
cvelistv5nvd
CVE-2021-27264LOWCVSS 3.3v10.1.0.375272021-03-30
CVE-2021-27264 [LOW] CWE-125 CVE-2021-27264: This vulnerability allows remote attackers to disclose sensitive information on affected installatio
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. Th
cvelistv5nvd
CVE-2021-27265LOWCVSS 3.3v10.1.0.375272021-03-30
CVE-2021-27265 [LOW] CWE-125 CVE-2021-27265: This vulnerability allows remote attackers to disclose sensitive information on affected installatio
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. Th
cvelistv5nvd
CVE-2021-27263LOWCVSS 3.3v10.1.0.375272021-03-30
CVE-2021-27263 [LOW] CWE-125 CVE-2021-27263: This vulnerability allows remote attackers to disclose sensitive information on affected installatio
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. Th
cvelistv5nvd
1 / 5Next →