Foxitsoftware Phantompdf vulnerabilities
549 known vulnerabilities affecting foxitsoftware/phantompdf.
Total CVEs: 549
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 26, HIGH 438, MEDIUM 68, LOW 17
Vulnerabilities
Page 4 of 28
CVE-2020-17410 [HIGH] CVSS 7.8 | CWE-416 | ≤ 10.0.1.35811 | 2020-10-13
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of
nvd
CVE-2020-17414 [HIGH] CVSS 7.8 | CWE-732 | ≤ 10.0.1.35811 | 2020-10-13
This vulnerability allows local attackers to escalate privileges on affected installations of Foxit Reader 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit Reader Up
nvd
CVE-2020-26537 [CRITICAL] CVSS 9.8 | CWE-787 | fixed in 10.1 | 2020-10-02
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write.
nvd
CVE-2020-26535 [CRITICAL] CVSS 9.8 | CWE-787 | fixed in 10.1 | 2020-10-02
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation (and read access violation).
nvd
CVE-2020-26534 [CRITICAL] CVSS 9.8 | CWE-416 | fixed in 10.1 | 2020-10-02
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution.
nvd
CVE-2020-26539 [CRITICAL] CVSS 9.8 | CWE-416 | fixed in 10.1 | 2020-10-02
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field dictionaries), a use-after-free can occur with resultant remote code execution (or an information leak).
nvd
CVE-2020-26540 [HIGH] CVSS 7.5 | CWE-347 | fixed in 4.1 | 2020-10-02
An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection (or an information leak) can occur.
nvd
CVE-2020-26538 [HIGH] CVSS 7.8 | CWE-427 | fixed in 10.1 | 2020-10-02
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory.
nvd
CVE-2020-26536 [MEDIUM] CVSS 5.5 | CWE-476 | fixed in 10.1 | 2020-10-02
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer dereference via a crafted PDF document.
nvd
CVE-2020-12248 [HIGH] CVSS 8.8 | CWE-787 | ≤ 9.7.2.29539, ≤ 10.0.0.35798 | 2020-09-04
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled.
nvd
CVE-2020-12247 [HIGH] CVSS 7.1 | CWE-125 | ≤ 9.7.2.29539, ≤ 10.0.0.35798 | 2020-09-04
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two parts. A crash may also occur.
nvd
CVE-2020-11493 [HIGH] CVSS 8.1 | CWE-345 | ≤ 9.7.2.29539, ≤ 10.0.0.35798 | 2020-09-04
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.
nvd
CVE-2020-15638 [HIGH] CVSS 7.8 | CWE-843 | ≤ 10.0.0.35798 | 2020-08-20
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NodeProperties::InferReceiverMapsUnsafe method. The issue
nvd
CVE-2020-15637 [LOW] CVSS 3.3 | CWE-416 | ≤ 10.0.0.35798 | 2020-08-20
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SetLocalDescription method. By performing actions
nvd
CVE-2020-13804 [CRITICAL] CVSS 9.8 | CWE-798 | fixed in 9.7.2 | 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin.
nvd
CVE-2018-21244 [CRITICAL] CVSS 9.8 | CWE-434 | fixed in 8.3.6 | 2020-06-04
An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029.
nvd
CVE-2019-20825 [CRITICAL] CVSS 9.8 | CWE-787 | fixed in 8.3.11 | 2020-06-04
An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an out-of-bounds write when Internet Explorer is used.
nvd
CVE-2019-20827 [CRITICAL] CVSS 9.8 | CWE-787 | fixed in 3.3 | 2020-06-04
An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It allows stack consumption because of interaction between ICC-Based color space and Alternate color space.
nvd
CVE-2019-20830 [CRITICAL] CVSS 9.8 | CWE-787 | fixed in 9.6 | 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used.
nvd
CVE-2018-21242 [CRITICAL] CVSS 9.8 | CWE-200 | fixed in 8.3.6 | 2020-06-04
An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Remote Code Execution via a GoToE or GoToR action.
nvd