Foxitsoftware Phantompdf vulnerabilities

CVE-2016-4065 [HIGH] CWE-119 CVE-2016-4065: The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted (1) JPEG, (2) GIF, or (3) BMP image.

CVE-2016-4059 [HIGH] CVE-2016-4059: Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote at Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document.

CVE-2016-4061 [HIGH] CWE-20 CVE-2016-4061: Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of serv Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream.

CVE-2016-4063 [HIGH] CVE-2016-4063: Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote at Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document.

CVE-2016-4062 [MEDIUM] CWE-19 CVE-2016-4062: Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, whi Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, which allows remote attackers to cause a denial of service (application hang) via a crafted PDF.

CVE-2015-8580 [MEDIUM] CVE-2015-8580: Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary code via a crafted PDF document.

CVE-2015-3633 [MEDIUM] CWE-119 CVE-2015-3633: Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denia Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures.

CVE-2015-3632 [MEDIUM] CWE-119 CVE-2015-3632: Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denia Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file.

CVE-2015-2790 [MEDIUM] CWE-20 CVE-2015-2790: Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image.