Foxitsoftware Phantompdf vulnerabilities

CVE-2018-17686 [MEDIUM] CWE-125 CVE-2018-17686: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of BMP images. The issue results from t

CVE-2019-5007 [HIGH] CWE-125 CVE-2019-5007: An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing.

CVE-2019-5005 [MEDIUM] CWE-787 CVE-2019-5005: An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. They allowed Denial of An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. They allowed Denial of Service (application crash) via image data, because two bytes are written to the end of the allocated memory without judging whether this will cause corruption.

CVE-2019-5006 [MEDIUM] CWE-476 CVE-2019-5006: An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is a NULL pointer d An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is a NULL pointer dereference during PDF parsing.

CVE-2018-17624 [HIGH] CWE-416 CVE-2018-17624: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of OCG objects. The issue results from the lack of v

CVE-2018-17623 [HIGH] CWE-416 CVE-2018-17623: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Link objects. The issue results from the lack of

CVE-2018-17618 [HIGH] CWE-416 CVE-2018-17618: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Selection Change events. The issue results from t

CVE-2018-17706 [HIGH] CWE-787 CVE-2018-17706: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within fxhtml2pdf. The issue results from the lack of prop

CVE-2018-17620 [HIGH] CWE-416 CVE-2018-17620: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate events. The issue results from the lack

CVE-2018-17615 [HIGH] CWE-416 CVE-2018-17615: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Mouse Exit events. The issue results from the lac

CVE-2018-17616 [HIGH] CWE-416 CVE-2018-17616: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of onBlur events. The issue results from the lack of

CVE-2018-17622 [MEDIUM] CWE-125 CVE-2018-17622: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate events. The issue results fr

CVE-2018-16293 [HIGH] CVE-2018-16293: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resul

CVE-2018-16294 [HIGH] CVE-2018-16294: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resul

CVE-2018-16297 [HIGH] CVE-2018-16297: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, and CVE-2018-16296. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resul

CVE-2018-3945 [HIGH] CWE-416 CVE-2018-3945: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxi An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerabi

CVE-2018-16292 [HIGH] CVE-2018-16292: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resul

CVE-2018-3940 [HIGH] CWE-416 CVE-2018-3940: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused. An attacker needs to trick the user to open the malicious file to trigger.

CVE-2018-16296 [HIGH] CVE-2018-16296: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resul

CVE-2018-3941 [HIGH] CWE-416 CVE-2018-3941: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxi An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerabi