Foxit PhantomPDF vulnerabilities
88 known vulnerabilities affecting foxit/phantompdf.
Total CVEs: 88
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 68, MEDIUM 9, LOW 11
Vulnerabilities
Page 2 of 5
CVE-2021-27266 [LOW] CVSS 3.3 | CWE-125 | v10.1.0.37527 | 2021-03-30
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. Th
cvelistv5, nvd
CVE-2020-17415 [HIGH] CVSS 7.8 | CWE-732 | v10.0.0.35798 | 2020-10-13
This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PhantomPDF 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit Phant
cvelistv5, nvd
CVE-2020-17412 [HIGH] CVSS 7.8 | CWE-787 | v10.0.0.35798 | 2020-10-13
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue
cvelistv5, nvd
CVE-2020-17410 [HIGH] CVSS 7.8 | CWE-416 | v10.0.0.35798 | 2020-10-13
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of
cvelistv5, nvd
CVE-2020-17413 [HIGH] CVSS 7.8 | CWE-121 | v10.0.0.35798 | 2020-10-13
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue
cvelistv5, nvd
CVE-2020-17411 [LOW] CVSS 3.3 | CWE-125 | v10.0.0.35798 | 2020-10-13
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. Th
cvelistv5, nvd
CVE-2020-15638 [HIGH] CVSS 7.8 | CWE-843 | v9.7.2.29539 | 2020-08-20
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NodeProperties::InferReceiverMapsUnsafe method. The issue
cvelistv5, nvd
CVE-2020-15637 [LOW] CVSS 3.3 | CWE-416 | v9.7.1.29511 | 2020-08-20
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SetLocalDescription method. By performing actions
cvelistv5, nvd
CVE-2020-10908 [HIGH] CVSS 7.8 | CWE-843 | v9.7.0.29478 | 2020-04-22
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Export command of the communication API.
cvelistv5, nvd
CVE-2020-10895 [HIGH] CVSS 7.8 | CWE-125 | v9.7.1.29511 | 2020-04-22
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results f
cvelistv5, nvd
CVE-2020-10913 [HIGH] CVSS 7.8 | CWE-843 | v9.7.0.29478 | 2020-04-22
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the OCRAndExportToExcel command of the commun
cvelistv5, nvd
CVE-2020-10890 [HIGH] CVSS 8.8 | CWE-352 | v9.7.0.29478 | 2020-04-22
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the communication API. The issue lies in the handling of the
cvelistv5, nvd
CVE-2020-10911 [HIGH] CVSS 7.8 | CWE-843 | v9.7.0.29478 | 2020-04-22
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the GetFieldValue command of the communicatio
cvelistv5, nvd
CVE-2020-10892 [HIGH] CVSS 8.8 | CWE-352 | v9.7.0.29478 | 2020-04-22
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the communication API. The issue lies in the handling of the
cvelistv5, nvd
CVE-2020-10910 [HIGH] CVSS 7.8 | CWE-843 | v9.7.0.29478 | 2020-04-22
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the RotatePage command of the communication A
cvelistv5, nvd
CVE-2020-10909 [HIGH] CVSS 7.8 | CWE-843 | v9.7.0.29478 | 2020-04-22
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AddWatermark command of the communication
cvelistv5, nvd
CVE-2020-10889 [HIGH] CVSS 7.8 | CWE-843 | v9.7.0.29478 | 2020-04-22
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the DuplicatePages command of the communicati
cvelistv5, nvd
CVE-2020-10904 [HIGH] CVSS 7.8 | CWE-787 | v9.7.1.29511 | 2020-04-22
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results f
cvelistv5, nvd
CVE-2020-10893 [HIGH] CVSS 7.8 | CWE-787 | v9.7.1.29511 | 2020-04-22
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in a PDF. The issue resu
cvelistv5, nvd
CVE-2020-10897 [HIGH] CVSS 7.8 | CWE-787 | v9.7.1.29511 | 2020-04-22
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results f
cvelistv5, nvd