Foxitsoftware Foxit Reader vulnerabilities
382 known vulnerabilities affecting foxitsoftware/foxit_reader.
Total CVEs
382
CISA KEV
0
Public exploits
7
Exploited in wild
0
Severity breakdown
CRITICAL22HIGH274MEDIUM75LOW11
Vulnerabilities
Page 7 of 20
CVE-2018-18933CRITICALCVSS 9.1v9.3.0.108262018-11-05
CVE-2018-18933 [CRITICAL] CWE-125 CVE-2018-18933: The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.108
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader!safe_vsnprintf+0x00000000002c4330" issue.
nvd
CVE-2018-14317HIGHCVSS 8.8≤ 9.1.0.50962018-08-30
CVE-2018-14317 [HIGH] CWE-843 CVE-2018-14317: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of p
nvd
CVE-2018-3924HIGHCVSS 7.8≤ 9.1.0.50962018-08-01
CVE-2018-3924 [HIGH] CWE-416 CVE-2018-3924: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxi
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulner
nvd
CVE-2018-3939HIGHCVSS 8.8≤ 9.1.0.50962018-08-01
CVE-2018-3939 [HIGH] CWE-416 CVE-2018-3939: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability.
nvd
CVE-2018-14247HIGHCVSS 8.8≤ 9.1.0.50962018-07-31
CVE-2018-14247 [HIGH] CWE-843 CVE-2018-14247: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsFDF method. By performing actions in JavaScript, an a
nvd
CVE-2018-14265HIGHCVSS 8.8≤ 9.1.0.50962018-07-31
CVE-2018-14265 [HIGH] CWE-843 CVE-2018-14265: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importAnXFDX method. By performing actions in JavaScript, an
nvd
CVE-2018-14260HIGHCVSS 8.8≤ 9.1.0.50962018-07-31
CVE-2018-14260 [HIGH] CWE-843 CVE-2018-14260: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageRotation method. By performing actions in JavaScript,
nvd
CVE-2018-14313HIGHCVSS 8.8≤ 9.1.0.50962018-07-31
CVE-2018-14313 [HIGH] CWE-843 CVE-2018-14313: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of pro
nvd
CVE-2018-14284HIGHCVSS 8.8≤ 9.1.0.50962018-07-31
CVE-2018-14284 [HIGH] CWE-416 CVE-2018-14284: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the newDoc function. The issue results from the l
nvd
CVE-2018-14315HIGHCVSS 8.8≤ 9.1.0.50962018-07-31
CVE-2018-14315 [HIGH] CWE-416 CVE-2018-14315: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of annotations. The issue results from the lack of v
nvd
CVE-2018-14243HIGHCVSS 8.8≤ 9.1.0.50962018-07-31
CVE-2018-14243 [HIGH] CWE-843 CVE-2018-14243: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addPageOpenJSMessage method. By performing actions in JavaScr
nvd
CVE-2018-14241HIGHCVSS 8.8≤ 9.1.0.50962018-07-31
CVE-2018-14241 [HIGH] CWE-843 CVE-2018-14241: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAnnot method. By performing actions in JavaScript, an atta
nvd
CVE-2018-14251HIGHCVSS 8.8≤ 9.1.0.50962018-07-31
CVE-2018-14251 [HIGH] CWE-843 CVE-2018-14251: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getDataObject method. By performing actions in JavaScript, an
nvd
CVE-2018-14253HIGHCVSS 8.8≤ 9.1.0.50962018-07-31
CVE-2018-14253 [HIGH] CWE-843 CVE-2018-14253: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getIcon method. By performing actions in JavaScript, an attac
nvd
CVE-2018-14274HIGHCVSS 8.8≤ 9.1.0.50962018-07-31
CVE-2018-14274 [HIGH] CWE-843 CVE-2018-14274: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the scroll method. By performing actions in JavaScript, an attack
nvd
CVE-2018-14270HIGHCVSS 8.8≤ 9.1.0.50962018-07-31
CVE-2018-14270 [HIGH] CWE-843 CVE-2018-14270: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeDataObject method. By performing actions in JavaScript,
nvd
CVE-2018-14256HIGHCVSS 8.8≤ 9.1.0.50962018-07-31
CVE-2018-14256 [HIGH] CWE-843 CVE-2018-14256: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getOCGs method. By performing actions in JavaScript, an attac
nvd
CVE-2018-14290HIGHCVSS 8.8≤ 9.1.0.50962018-07-31
CVE-2018-14290 [HIGH] CWE-122 CVE-2018-14290: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of
nvd
CVE-2018-14293HIGHCVSS 8.8≤ 9.1.0.50962018-07-31
CVE-2018-14293 [HIGH] CWE-416 CVE-2018-14293: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elemen
nvd
CVE-2018-14308HIGHCVSS 8.8≤ 9.1.0.50962018-07-31
CVE-2018-14308 [HIGH] CWE-416 CVE-2018-14308: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the valueAsString function. The issue results fro
nvd