Foxitsoftware Phantompdf vulnerabilities

549 known vulnerabilities affecting foxitsoftware/phantompdf.

Total CVEs: 549
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 26, HIGH 438, MEDIUM 68, LOW 17

Vulnerabilities

Page 6 of 28
CVE-2019-20834 | HIGH | CVSS 7.5 | CWE-347 | fixed in 8.3.10 | 2020-06-04
An issue was discovered in Foxit PhantomPDF before 8.3.10. It allows signature validation bypass via a modified file or a file with non-standard signatures.
nvd
CVE-2019-20818 | HIGH | CVSS 7.5 | CWE-770 | fixed in 9.7 | 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level.
nvd
CVE-2019-20826 | HIGH | CVSS 7.5 | CWE-476 | fixed in 3.3 | 2020-06-04
An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It has a NULL pointer dereference.
nvd
CVE-2019-20837 | HIGH | CVSS 7.5 | CWE-347 | fixed in 9.5 | 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures.
nvd
CVE-2020-13803 | HIGH | CVSS 7.5 | CWE-347 | fixed in 4.0 | 2020-06-04
An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signature validation bypass via a modified file or a file with non-standard signatures.
nvd
CVE-2020-13806 | HIGH | CVSS 7.5 | CWE-416 | fixed in 9.7.2 | 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation.
nvd
CVE-2020-13809 | HIGH | CVSS 7.5 | CWE-400 | fixed in 9.7.2 | 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream.
nvd
CVE-2019-20813 | HIGH | CVSS 7.5 | CWE-476 | fixed in 8.3.12 | 2020-06-04
An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference.
nvd
CVE-2018-21240 | HIGH | CVSS 7.5 | CWE-400 | fixed in 9.2 | 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call.
nvd
CVE-2019-20828 | HIGH | CVSS 7.5 | CWE-120 | fixed in 9.6 | 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.
nvd
CVE-2019-20832 | MEDIUM | CVSS 4.3 | fixed in 8.3.10 | 2020-06-04
An issue was discovered in Foxit PhantomPDF before 8.3.10. It has homograph mishandling.
nvd
CVE-2018-21239 | MEDIUM | CVSS 5.3 | CWE-522 | fixed in 9.2 | 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action.
nvd
CVE-2018-21237 | MEDIUM | CVSS 5.3 | CWE-522 | fixed in 8.3.7 | 2020-06-04
An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action.
nvd
CVE-2019-20835 | MEDIUM | CVSS 4.3 | fixed in 9.5 | 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has homograph mishandling.
nvd
CVE-2018-21243 | MEDIUM | CVSS 6.5 | CWE-434 | fixed in 8.3.6 | 2020-06-04
An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM object mishandling when Microsoft Word is used.
nvd
CVE-2020-10895 | HIGH | CVSS 7.8 | CWE-125 | ≤ 9.7.1.29511 | 2020-04-22
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results f
nvd
CVE-2020-10913 | HIGH | CVSS 7.8 | CWE-843 | ≤ 9.7.1.29511 | 2020-04-22
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the OCRAndExportToExcel command of the commun
nvd
CVE-2020-10906 | HIGH | CVSS 7.8 | CWE-416 | ≤ 9.7.1.29511 | 2020-04-22
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resetForm method. The issue results from the lack of validati
nvd
CVE-2020-10890 | HIGH | CVSS 8.8 | CWE-352 | ≤ 9.7.1.29511 | 2020-04-22
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the communication API. The issue lies in the handling of the
nvd
CVE-2020-10899 | HIGH | CVSS 7.8 | CWE-416 | ≤ 9.7.1.29511 | 2020-04-22
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA templates. The issue results from the lack
nvd