Foxitsoftware Foxit Reader vulnerabilities
382 known vulnerabilities affecting foxitsoftware/foxit_reader.
Total CVEs
382
CISA KEV
0
Public exploits
7
Exploited in wild
0
Severity breakdown
CRITICAL22HIGH274MEDIUM75LOW11
Vulnerabilities
Page 5 of 20
CVE-2019-5031HIGHCVSS 8.8vFoxit Software Foxit PDF Reader 9.4.1.16828.2019-10-02
CVE-2019-5031 [HIGH] CWE-703 CVE-2019-5031: An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9
An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn't handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the ma
cvelistv5
CVE-2019-13123HIGHCVSS 7.5≤ 9.6.0.251142019-09-30
CVE-2019-13123 [HIGH] CWE-674 CVE-2019-13123: Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhaust
Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 1 of 2).
nvd
CVE-2019-13124HIGHCVSS 7.5≤ 9.6.0.251142019-09-30
CVE-2019-13124 [HIGH] CWE-674 CVE-2019-13124: Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhaust
Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 2 of 2).
nvd
CVE-2019-6760HIGHCVSS 7.8≤ 9.4.1.168282019-06-03
CVE-2019-6760 [HIGH] CWE-787 CVE-2019-6760: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper vali
nvd
CVE-2019-6762HIGHCVSS 7.8≤ 9.4.1.168282019-06-03
CVE-2019-6762 [HIGH] CWE-416 CVE-2019-6762: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from th
nvd
CVE-2019-6757HIGHCVSS 7.8≤ 9.4.1.168282019-06-03
CVE-2019-6757 [HIGH] CWE-416 CVE-2019-6757: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of validating
nvd
CVE-2019-6759HIGHCVSS 7.8≤ 9.4.1.168282019-06-03
CVE-2019-6759 [HIGH] CWE-787 CVE-2019-6759: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper vali
nvd
CVE-2019-6768HIGHCVSS 7.8≤ 9.4.1.168282019-06-03
CVE-2019-6768 [HIGH] CWE-416 CVE-2019-6768: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue result
nvd
CVE-2019-6755HIGHCVSS 7.8≤ 9.4.1.168282019-06-03
CVE-2019-6755 [HIGH] CWE-787 CVE-2019-6755: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper vali
nvd
CVE-2019-6761HIGHCVSS 7.8≤ 9.4.1.168282019-06-03
CVE-2019-6761 [HIGH] CWE-416 CVE-2019-6761: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA CXFA_FFDocView object. The issue results from the lack of
nvd
CVE-2019-6754HIGHCVSS 7.8≤ 9.4.1.168282019-06-03
CVE-2019-6754 [HIGH] CWE-22 CVE-2019-6754: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the localFileStorage method. The issue results from the lack of prope
nvd
CVE-2019-6769HIGHCVSS 7.8≤ 9.4.1.168282019-06-03
CVE-2019-6769 [HIGH] CWE-416 CVE-2019-6769: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue result
nvd
CVE-2019-6763HIGHCVSS 7.8≤ 9.4.1.168282019-06-03
CVE-2019-6763 [HIGH] CWE-416 CVE-2019-6763: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ToggleFormsDesign method of the Foxit.FoxitReader.Ctl ActiveX
nvd
CVE-2019-6765HIGHCVSS 7.8≤ 9.4.1.168282019-06-03
CVE-2019-6765 [HIGH] CWE-125 CVE-2019-6765: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from th
nvd
CVE-2019-6764HIGHCVSS 7.8≤ 9.4.1.168282019-06-03
CVE-2019-6764 [HIGH] CWE-787 CVE-2019-6764: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA Template objects. The issue results from the
nvd
CVE-2019-6767HIGHCVSS 7.8≤ 9.4.1.168282019-06-03
CVE-2019-6767 [HIGH] CWE-416 CVE-2019-6767: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue result
nvd
CVE-2019-6752MEDIUMCVSS 5.5≤ 9.4.1.168282019-06-03
CVE-2019-6752 [MEDIUM] CWE-125 CVE-2019-6752: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from
nvd
CVE-2019-6770MEDIUMCVSS 5.5≤ 9.4.1.168282019-06-03
CVE-2019-6770 [MEDIUM] CWE-416 CVE-2019-6770: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resetForm method when processing AcroForms. The iss
nvd
CVE-2019-6771MEDIUMCVSS 5.5≤ 9.4.1.168282019-06-03
CVE-2019-6771 [MEDIUM] CWE-416 CVE-2019-6771: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the value property of a Field object
nvd
CVE-2019-6756MEDIUMCVSS 5.5≤ 9.4.1.168282019-06-03
CVE-2019-6756 [MEDIUM] CWE-416 CVE-2019-6756: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HTML files. The issue results from t
nvd