Foxitsoftware Foxit Reader vulnerabilities

CVE-2020-28203 [MEDIUM] CWE-476 CVE-2020-28203: An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier. There is a null poi An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier. There is a null pointer access/dereference while opening a crafted PDF file, leading the application to crash (denial of service).

CVE-2020-14425 [HIGH] CVE-2020-14425: Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API. Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API. An attacker can execute local files and bypass the security dialog.

CVE-2020-17417 [HIGH] CWE-416 CVE-2020-17417: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Annotation objects. The issue results from t

CVE-2020-17415 [HIGH] CWE-732 CVE-2020-17415: This vulnerability allows local attackers to escalate privileges on affected installations of Foxit This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PhantomPDF 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit Phant

CVE-2020-17416 [HIGH] CWE-787 CVE-2020-17416: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack

CVE-2020-17410 [HIGH] CWE-416 CVE-2020-17410: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of

CVE-2020-17414 [HIGH] CWE-732 CVE-2020-17414: This vulnerability allows local attackers to escalate privileges on affected installations of Foxit This vulnerability allows local attackers to escalate privileges on affected installations of Foxit Reader 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit Reader Up

CVE-2020-26537 [CRITICAL] CWE-787 CVE-2020-26537: An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write.

CVE-2020-26535 [CRITICAL] CWE-787 CVE-2020-26535: An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation (and read access violation).

CVE-2020-26534 [CRITICAL] CWE-416 CVE-2020-26534: An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution.

CVE-2020-26539 [CRITICAL] CWE-416 CVE-2020-26539: An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpr An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field dictionaries), a use-after-free can occur with resultant remote code execution (or an information leak).

CVE-2020-26540 [HIGH] CWE-347 CVE-2020-26540: An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Run An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection (or an information leak) can occur.

CVE-2020-26538 [HIGH] CWE-427 CVE-2020-26538: An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute a An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory.

CVE-2020-26536 [MEDIUM] CWE-476 CVE-2020-26536: An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer derefere An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer dereference via a crafted PDF document.

CVE-2020-10913 [HIGH] CWE-843 CVE-2020-10913: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the OCRAndExportToExcel command of the commun

CVE-2019-5126 [HIGH] CWE-416 CVE-2019-5126: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If

CVE-2019-5145 [HIGH] CWE-416 CVE-2019-5145: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If

CVE-2019-5131 [HIGH] CWE-416 CVE-2019-5131: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file

CVE-2019-5130 [HIGH] CWE-416 CVE-2019-5130: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to

CVE-2019-17139 [HIGH] CWE-787 CVE-2019-17139: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Javascript in the HTML2PDF plugin. The issu