Foxit Phantompdf vulnerabilities

CVE-2020-10912 [HIGH] CWE-843 CVE-2020-10912: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the SetFieldValue command of the communicatio

CVE-2020-10891 [HIGH] CWE-843 CVE-2020-10891: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Save command of the communication API. Th

CVE-2020-10902 [HIGH] CWE-125 CVE-2020-10902: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results f

CVE-2020-10896 [HIGH] CWE-122 CVE-2020-10896: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results f

CVE-2020-10898 [HIGH] CWE-125 CVE-2020-10898: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results f

CVE-2020-10894 [LOW] CWE-125 CVE-2020-10894: This vulnerability allows remote attackers to disclose sensitive information on affected installatio This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in a PDF. The iss

CVE-2020-10901 [LOW] CWE-125 CVE-2020-10901: This vulnerability allows remote attackers to disclose sensitive information on affected installatio This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue re

CVE-2020-10905 [LOW] CWE-125 CVE-2020-10905: This vulnerability allows remote attackers to disclose sensitive information on affected installatio This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of vertices in U3D objects. The issue res

CVE-2020-10903 [LOW] CWE-125 CVE-2020-10903: This vulnerability allows remote attackers to disclose sensitive information on affected installatio This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in a PDF. The iss

CVE-2020-8845 [HIGH] CWE-416 CVE-2020-8845: This vulnerability allows remote atackers to execute arbitrary code on affected installations of Fox This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of watermarks in AcroForms. The issue results from

CVE-2020-8846 [HIGH] CWE-416 CVE-2020-8846: This vulnerability allows remote atackers to execute arbitrary code on affected installations of Fox This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of text field objects. The issue results from the l

CVE-2020-8856 [HIGH] CWE-416 CVE-2020-8856: This vulnerability allows remote atackers to execute arbitrary code on affected installations of Fox This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25608. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of watermarks. The issue results from the lack of v

CVE-2020-8854 [HIGH] CWE-787 CVE-2020-8854: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of JPEG files to PDF. The issue results from the

CVE-2020-8853 [HIGH] CWE-787 CVE-2020-8853: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the

CVE-2020-8855 [HIGH] CWE-416 CVE-2020-8855: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.2947. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the fxhtml2pdf.exe module. The issue results from the lack of va

CVE-2019-17136 [HIGH] CWE-125 CVE-2019-17136: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from th

CVE-2019-13334 [HIGH] CWE-822 CVE-2019-13334: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from th

CVE-2019-17135 [HIGH] CWE-119 CVE-2019-17135: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of

CVE-2019-13333 [HIGH] CWE-787 CVE-2019-13333: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from th

CVE-2019-17139 [HIGH] CWE-787 CVE-2019-17139: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Javascript in the HTML2PDF plugin. The issu