Foxitsoftware Phantompdf vulnerabilities

549 known vulnerabilities affecting foxitsoftware/phantompdf.

Total CVEs: 549
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 26, HIGH 438, MEDIUM 68, LOW 17

Vulnerabilities

Page 22 of 28
CVE-2018-14252 | HIGH | CVSS 8.8 | ≤ 9.1.0.5096 | 2018-07-31
CVE-2018-14252 [HIGH] CWE-843: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getField method. By performing actions in JavaScript, an atta
nvd
CVE-2018-14262 | HIGH | CVSS 8.8 | ≤ 9.1.0.5096 | 2018-07-31
CVE-2018-14262 [HIGH] CWE-843: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getURL method. By performing actions in JavaScript, an attack
nvd
CVE-2018-14249 | HIGH | CVSS 8.8 | ≤ 9.1.0.5096 | 2018-07-31
CVE-2018-14249 [HIGH] CWE-843: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportDataObject method. By performing actions in JavaScript,
nvd
CVE-2018-14277 | HIGH | CVSS 8.8 | ≤ 9.1.0.5096 | 2018-07-31
CVE-2018-14277 [HIGH] CWE-843: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the mailDoc method. By performing actions in JavaScript, an attac
nvd
CVE-2018-14273 | HIGH | CVSS 8.8 | ≤ 9.1.0.5096 | 2018-07-31
CVE-2018-14273 [HIGH] CWE-843: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeTemplate method. By performing actions in JavaScript, a
nvd
CVE-2018-14276 | HIGH | CVSS 8.8 | ≤ 9.1.0.5096 | 2018-07-31
CVE-2018-14276 [HIGH] CWE-843: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the submitForm method. By performing actions in JavaScript, an at
nvd
CVE-2018-14257 | HIGH | CVSS 8.8 | ≤ 9.1.0.5096 | 2018-07-31
CVE-2018-14257 [HIGH] CWE-843: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageBox method. By performing actions in JavaScript, an at
nvd
CVE-2018-14275 | HIGH | CVSS 8.8 | ≤ 9.1.0.5096 | 2018-07-31
CVE-2018-14275 [HIGH] CWE-843: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the spawnPageFromTemplate method. By performing actions in JavaSc
nvd
CVE-2018-14295 | HIGH | CVSS 8.8 | ≤ 9.1.0.5096 | 2018-07-31
CVE-2018-14295 [HIGH] CWE-190: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF documents. When parsing shading
nvd
CVE-2018-11621 | MEDIUM | CVSS 6.5 | ≤ 9.1.0.5096 | 2018-07-31
CVE-2018-11621 [MEDIUM] CWE-125: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack
nvd
CVE-2018-11620 | MEDIUM | CVSS 6.5 | ≤ 9.1.0.5096 | 2018-07-31
CVE-2018-11620 [MEDIUM] CWE-125: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack
nvd
CVE-2018-14316 | MEDIUM | CVSS 6.5 | ≤ 9.1.0.5096 | 2018-07-31
CVE-2018-14316 [MEDIUM] CWE-125: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF documents. The issue results fro
nvd
CVE-2018-14289 | MEDIUM | CVSS 6.5 | ≤ 9.1.0.5096 | 2018-07-31
CVE-2018-14289 [MEDIUM] CWE-125: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from t
nvd
CVE-2018-14442 | CRITICAL | CVSS 9.8 | fixed in 9.2 | 2018-07-20
CVE-2018-14442 [CRITICAL] CWE-416: Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs.
nvd
CVE-2018-5678 | HIGH | CVSS 8.8 | ≤ 9.0.1.1049 | 2018-05-24
CVE-2018-5678 [HIGH]: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files wit
nvd
CVE-2018-7407 | HIGH | CVSS 8.8 | ≤ 9.0.1.1049 | 2018-05-24
CVE-2018-7407 [HIGH] CWE-704: An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when rendering U3D images inside of pdf files. The
nvd
CVE-2018-5677 | HIGH | CVSS 8.8 | ≤ 9.0.1.1049 | 2018-05-24
CVE-2018-5677 [HIGH] CWE-125: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf f
nvd
CVE-2018-5674 | HIGH | CVSS 8.8 | ≤ 9.0.1.1049 | 2018-05-24
CVE-2018-5674 [HIGH] CWE-119: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf f
nvd
CVE-2018-7406 | HIGH | CVSS 8.8 | ≤ 9.0.1.1049 | 2018-05-24
CVE-2018-7406 [HIGH] CWE-129: An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the u3d images inside of a pdf. The issue r
nvd
CVE-2018-5676 | HIGH | CVSS 8.8 | ≤ 9.0.1.1049 | 2018-05-24
CVE-2018-5676 [HIGH]: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files wit
nvd