Foxit Phantompdf vulnerabilities

CVE-2019-17144 [HIGH] CWE-787 CVE-2019-17144: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DWG files to PDF. The issue results from th

CVE-2019-17145 [HIGH] CWE-121 CVE-2019-17145: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from th

CVE-2019-17140 [HIGH] CWE-416 CVE-2019-17140: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the OnFocus event. The issue results from the

CVE-2019-17141 [HIGH] CWE-416 CVE-2019-17141: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of script within a Calculate action of a text

CVE-2019-17142 [HIGH] CWE-416 CVE-2019-17142: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of script within a Keystroke action of a listb

CVE-2019-17143 [MEDIUM] CWE-416 CVE-2019-17143: This vulnerability allows remote attackers to disclose sensitive information on affected installatio This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from th

CVE-2019-6776 [HIGH] CWE-416 CVE-2019-6776: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing watermarks within AcroFo

CVE-2019-13316 [HIGH] CWE-416 CVE-2019-13316: This vulnerability allows remote atackers to execute arbitrary code on affected installations of Fox This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the

CVE-2019-13317 [HIGH] CWE-416 CVE-2019-13317: This vulnerability allows remote atackers to execute arbitrary code on affected installations of Fox This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the

CVE-2019-6762 [HIGH] CWE-416 CVE-2019-6762: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from th

CVE-2019-6765 [HIGH] CWE-125 CVE-2019-6765: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from th

CVE-2019-6752 [MEDIUM] CWE-125 CVE-2019-6752: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from

CVE-2019-6756 [MEDIUM] CWE-416 CVE-2019-6756: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HTML files. The issue results from t

CVE-2019-6731 [HIGH] CWE-125 CVE-2019-6731: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of pr

CVE-2019-6732 [MEDIUM] CWE-125 CVE-2019-6732: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AFParseDateEx method. The issue results fro

CVE-2019-6733 [MEDIUM] CWE-125 CVE-2019-6733: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of p

CVE-2019-6734 [MEDIUM] CWE-416 CVE-2019-6734: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setInterval method. By performing actions i

CVE-2018-17693 [HIGH] CWE-125 CVE-2018-17693: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from t

CVE-2018-17689 [HIGH] CWE-416 CVE-2018-17689: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the fillColor property of a radio button. The

CVE-2018-17687 [HIGH] CWE-416 CVE-2018-17687: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportValues property of a radio button.