Foxit Software PhantomPDF vulnerabilities
549 known vulnerabilities affecting foxitsoftware/phantompdf.
Total CVEs: 549
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown
CRITICAL: 26, HIGH: 438, MEDIUM: 68, LOW: 17
Vulnerabilities
CVE-2020-13805 [CRITICAL] CVSS 9.8 | CWE-307 | fixed in 9.7.2 | 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures.
nvd
CVE-2020-13814 [CRITICAL] CVSS 9.8 | CWE-416 | fixed in 9.7.1 | 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary.
nvd
CVE-2020-13808 [HIGH] CVSS 7.5 | CWE-835 | fixed in 9.7.2 | 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data.
nvd
CVE-2018-21238 [HIGH] CVSS 7.5 | CWE-400 | fixed in 8.3.7 | 2020-06-04
An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows memory consumption via an ArrayBuffer(0xfffffffe) call.
nvd
CVE-2019-20824 [HIGH] CVSS 7.5 | CWE-476 | fixed in 8.3.11 | 2020-06-04
An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file.
nvd
CVE-2019-20829 [HIGH] CVSS 7.5 | CWE-476 | fixed in 9.6 | 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file.
nvd
CVE-2019-20821 [HIGH] CVSS 7.5 | CWE-476 | fixed in 3.4 | 2020-06-04
An issue was discovered in Foxit PhantomPDF Mac before 3.4. It has a NULL pointer dereference.
nvd
CVE-2020-13815 [HIGH] CVSS 7.5 | CWE-400 | fixed in 9.7.1 | 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference.
nvd
CVE-2019-20817 [HIGH] CVSS 7.5 | CWE-476 | fixed in 9.7 | 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference.
nvd
CVE-2019-20815 [HIGH] CVSS 7.5 | CWE-674 | fixed in 8.3.12 | 2020-06-04
An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing.
nvd
CVE-2018-21241 [HIGH] CVSS 7.8 | CWE-426 | fixed in 8.3.6 | 2020-06-04
An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an untrusted search path that allows a DLL to execute remote code.
nvd
CVE-2019-20816 [HIGH] CVSS 7.5 | CWE-476 | fixed in 8.3.12 | 2020-06-04
An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference during the parsing of file data.
nvd
CVE-2019-20814 [HIGH] CVSS 7.5 | CWE-770 | fixed in 8.3.12 | 2020-06-04
An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows memory consumption because data is created for each page of an application level.
nvd
CVE-2020-13807 [HIGH] CVSS 7.5 | CWE-835 | fixed in 9.7.2 | 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference mishandling that causes a loop.
nvd
CVE-2019-20820 [HIGH] CVSS 7.5 | CWE-476 | fixed in 9.7 | 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference during the parsing of file data.
nvd
CVE-2019-20833 [HIGH] CVSS 7.5 | CWE-287 | fixed in 8.3.10 | 2020-06-04
An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive.
nvd
CVE-2019-20819 [HIGH] CVSS 7.5 | CWE-674 | fixed in 9.7 | 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing.
nvd
CVE-2020-13810 [HIGH] CVSS 7.5 | CWE-347 | fixed in 9.7.2 | 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation bypass via a modified file or a file with non-standard signatures.
nvd
CVE-2019-20823 [HIGH] CVSS 7.5 | CWE-120 | fixed in 8.3.11 | 2020-06-04
An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.
nvd
CVE-2019-20836 [HIGH] CVSS 7.5 | CWE-200 | fixed in 9.5 | 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive.
nvd