Foxitsoftware Phantompdf vulnerabilities
549 known vulnerabilities affecting foxitsoftware/phantompdf.
Total CVEs
549
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
CRITICAL26HIGH438MEDIUM68LOW17
Vulnerabilities
Page 14 of 28
CVE-2018-17656HIGHCVSS 8.8≤ 9.2.0.92972019-01-24
CVE-2018-17656 [HIGH] CWE-416 CVE-2018-17656: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the getDisplayItem method of a TimeField. The iss
nvd
CVE-2018-17679HIGHCVSS 8.8≤ 9.2.0.92972019-01-24
CVE-2018-17679 [HIGH] CWE-416 CVE-2018-17679: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elemen
nvd
CVE-2018-17702HIGHCVSS 8.8≤ 9.2.0.92972019-01-24
CVE-2018-17702 [HIGH] CWE-416 CVE-2018-17702: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the richValue property of button objects. The iss
nvd
CVE-2018-17661HIGHCVSS 8.8≤ 9.2.0.92972019-01-24
CVE-2018-17661 [HIGH] CWE-416 CVE-2018-17661: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the messageBox method of a Host object. The issue
nvd
CVE-2018-17655HIGHCVSS 8.8≤ 9.2.0.92972019-01-24
CVE-2018-17655 [HIGH] CWE-416 CVE-2018-17655: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the moveInstance method of a Form object. The iss
nvd
CVE-2018-17696HIGHCVSS 8.8≤ 9.2.0.92972019-01-24
CVE-2018-17696 [HIGH] CWE-416 CVE-2018-17696: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the dataObjects. The issue results from the lack
nvd
CVE-2018-17669HIGHCVSS 8.8≤ 9.2.0.92972019-01-24
CVE-2018-17669 [HIGH] CWE-416 CVE-2018-17669: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the name property of a XFA object. The issue resu
nvd
CVE-2018-17663HIGHCVSS 8.8≤ 9.2.0.92972019-01-24
CVE-2018-17663 [HIGH] CWE-416 CVE-2018-17663: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the importData method of a Host object. The issue
nvd
CVE-2018-17644HIGHCVSS 8.8≤ 9.2.0.92972019-01-24
CVE-2018-17644 [HIGH] CWE-416 CVE-2018-17644: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the addItem method of a TimeField. The issue resu
nvd
CVE-2018-17635HIGHCVSS 8.8≤ 9.2.0.92972019-01-24
CVE-2018-17635 [HIGH] CWE-416 CVE-2018-17635: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the desc property. The issue results from the lac
nvd
CVE-2018-17633HIGHCVSS 8.8≤ 9.2.0.92972019-01-24
CVE-2018-17633 [HIGH] CWE-416 CVE-2018-17633: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the subject property of Annotation objects. The i
nvd
CVE-2018-17631HIGHCVSS 8.8≤ 9.2.0.92972019-01-24
CVE-2018-17631 [HIGH] CWE-416 CVE-2018-17631: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeInstance event. The issue results from
nvd
CVE-2018-17627HIGHCVSS 8.8≤ 9.2.0.92972019-01-24
CVE-2018-17627 [HIGH] CWE-416 CVE-2018-17627: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the XFA mouseUp event. The issue results from the
nvd
CVE-2018-17666HIGHCVSS 8.8≤ 9.2.0.92972019-01-24
CVE-2018-17666 [HIGH] CWE-416 CVE-2018-17666: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportData method of a host object. The issue
nvd
CVE-2018-17648HIGHCVSS 8.8≤ 9.2.0.92972019-01-24
CVE-2018-17648 [HIGH] CWE-416 CVE-2018-17648: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the rotate property of a TimeField. The issue res
nvd
CVE-2018-17700HIGHCVSS 8.8≤ 9.2.0.92972019-01-24
CVE-2018-17700 [HIGH] CWE-125 CVE-2018-17700: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Array.prototype.concat. The issue results fro
nvd
CVE-2018-17645HIGHCVSS 8.8≤ 9.2.0.92972019-01-24
CVE-2018-17645 [HIGH] CWE-416 CVE-2018-17645: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the vAlign property of a TimeField. The issue res
nvd
CVE-2018-17638HIGHCVSS 8.8≤ 9.2.0.92972019-01-24
CVE-2018-17638 [HIGH] CWE-416 CVE-2018-17638: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the getAttribute method. The issue results from t
nvd
CVE-2018-17641HIGHCVSS 8.8≤ 9.2.0.92972019-01-24
CVE-2018-17641 [HIGH] CWE-416 CVE-2018-17641: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the deleteItem method of a TimeField. The issue r
nvd
CVE-2018-17675HIGHCVSS 8.8≤ 9.2.0.92972019-01-24
CVE-2018-17675 [HIGH] CWE-416 CVE-2018-17675: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeDataObject method of a document. The is
nvd