Foxitsoftware Phantompdf vulnerabilities
549 known vulnerabilities affecting foxitsoftware/phantompdf.
Total CVEs
549
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
CRITICAL26HIGH438MEDIUM68LOW17
Vulnerabilities
Page 24 of 28
CVE-2018-9970HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-9970 [HIGH] CWE-416 CVE-2018-9970: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA execEvent method of Button elements. The issue results from
nvd
CVE-2018-9964HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-9964 [HIGH] CWE-416 CVE-2018-9964: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the name attribute of OCG objects. The issue results
nvd
CVE-2018-9968HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-9968 [HIGH] CWE-416 CVE-2018-9968: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Keystroke actions of TextBox objects. The issue res
nvd
CVE-2018-9951HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-9951 [HIGH] CWE-416 CVE-2018-9951: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CPDF_Object objects. The issue results from the la
nvd
CVE-2018-9939HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-9939 [HIGH] CWE-704 CVE-2018-9939: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of layout elements. The issue results from the lack o
nvd
CVE-2018-10491HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-10491 [HIGH] CWE-787 CVE-2018-10491: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Bone Weight Modifier structures. The issue re
nvd
CVE-2018-1173HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-1173 [HIGH] CWE-416 CVE-2018-1173: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the XFA borderColor attribute. The issue results f
nvd
CVE-2018-1176HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-1176 [HIGH] CWE-787 CVE-2018-1176: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ePub files. The issue results from the lack of prop
nvd
CVE-2018-9940HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-9940 [HIGH] CWE-704 CVE-2018-9940: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the layout sheet attribute. The issue results from
nvd
CVE-2018-10483HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-10483 [HIGH] CWE-787 CVE-2018-10483: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Clod Progressive Mesh objects. The issue resu
nvd
CVE-2018-9947HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-9947 [HIGH] CWE-122 CVE-2018-9947: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of prop
nvd
CVE-2018-10490HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-10490 [HIGH] CWE-119 CVE-2018-10490: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG images embedded inside U3D files. The issue
nvd
CVE-2018-1178HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-1178 [HIGH] CWE-416 CVE-2018-1178: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the addField method. The issue results from the la
nvd
CVE-2018-9958HIGHCVSS 8.8PoC≤ 9.0.1.10492018-05-17
CVE-2018-9958 [HIGH] CWE-416 CVE-2018-9958: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute,
nvd
CVE-2018-9959HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-9959 [HIGH] CWE-416 CVE-2018-9959: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the pageNum document attribute. The issue results fr
nvd
CVE-2018-10484HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-10484 [HIGH] CWE-665 CVE-2018-10484: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Node objects. The issue results from the lack
nvd
CVE-2018-9956HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-9956 [HIGH] CWE-416 CVE-2018-9956: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When setting the title attribu
nvd
CVE-2018-10477HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-10477 [HIGH] CWE-787 CVE-2018-10477: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Chain Index objects. The issue results from t
nvd
CVE-2018-9949HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-9949 [HIGH] CWE-122 CVE-2018-9949: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIFF files. The issue results from the lack of prop
nvd
CVE-2018-9977HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-9977 [HIGH] CWE-416 CVE-2018-9977: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Modifier Chain objects in U3D files. The issue resu
nvd