Foxitsoftware Phantompdf vulnerabilities
549 known vulnerabilities affecting foxitsoftware/phantompdf.
Total CVEs
549
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
CRITICAL26HIGH438MEDIUM68LOW17
Vulnerabilities
Page 25 of 28
CVE-2018-9942HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-9942 [HIGH] CWE-704 CVE-2018-9942: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the record remove method. The issue results from t
nvd
CVE-2018-9961HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-9961 [HIGH] CWE-416 CVE-2018-9961: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the rect Field attribute. The issue results from the
nvd
CVE-2018-9957HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-9957 [HIGH] CWE-416 CVE-2018-9957: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When parsing arguments passed
nvd
CVE-2018-10474HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-10474 [HIGH] CWE-787 CVE-2018-10474: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Shading objects. The issue results from the l
nvd
CVE-2018-9981HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-9981 [HIGH] CWE-824 CVE-2018-9981: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of prope
nvd
CVE-2018-9954HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-9954 [HIGH] CWE-416 CVE-2018-9954: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When setting the y attribute,
nvd
CVE-2018-9965HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-9965 [HIGH] CWE-416 CVE-2018-9965: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setAction method of Link objects. The issue res
nvd
CVE-2018-10494HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-10494 [HIGH] CWE-121 CVE-2018-10494: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D 3DView objects. The issue results from the lac
nvd
CVE-2018-9967HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-9967 [HIGH] CWE-416 CVE-2018-9967: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Format actions of TextBox objects. The issue result
nvd
CVE-2018-9974HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-9974 [HIGH] CWE-122 CVE-2018-9974: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper val
nvd
CVE-2018-10489HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-10489 [HIGH] CWE-787 CVE-2018-10489: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Clod Progressive Mesh Declaration structures.
nvd
CVE-2018-9941HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-9941 [HIGH] CWE-704 CVE-2018-9941: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the record append method. The issue results from t
nvd
CVE-2018-9960HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-9960 [HIGH] CWE-416 CVE-2018-9960: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the textColor Field attribute. The issue results fro
nvd
CVE-2018-10488HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-10488 [HIGH] CWE-122 CVE-2018-10488: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Texture Width structures. The issue results f
nvd
CVE-2018-9938HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-9938 [HIGH] CWE-704 CVE-2018-9938: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the absPageSpan method. The issue results from the
nvd
CVE-2018-9936HIGHCVSS 8.8≤ 9.0.1.10492018-05-17
CVE-2018-9936 [HIGH] CWE-704 CVE-2018-9936: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of field elements. The issue results from the lack of
nvd
CVE-2018-9976MEDIUMCVSS 6.5≤ 9.0.1.10492018-05-17
CVE-2018-9976 [MEDIUM] CWE-125 CVE-2018-9976: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Texture objects in U3D files. The issue
nvd
CVE-2018-9978MEDIUMCVSS 6.5≤ 9.0.1.10492018-05-17
CVE-2018-9978 [MEDIUM] CWE-125 CVE-2018-9978: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the la
nvd
CVE-2018-9972MEDIUMCVSS 6.5≤ 9.0.1.10492018-05-17
CVE-2018-9972 [MEDIUM] CWE-125 CVE-2018-9972: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of
nvd
CVE-2018-10492MEDIUMCVSS 6.5≤ 9.0.1.10492018-05-17
CVE-2018-10492 [MEDIUM] CWE-125 CVE-2018-10492: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installat
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Clod Progressive Mesh Continuation
nvd