Foxitsoftware Reader vulnerabilities
259 known vulnerabilities affecting foxitsoftware/reader.
Total CVEs: 259
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL 11, HIGH 228, MEDIUM 13, LOW 7
Vulnerabilities
CVE-2021-31473 | HIGH | CVSS 7.8 | CWE-787 | ≤ 10.1.3.37598 | 2021-05-21
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the browseForDoc function. The issue results from the lack of pr
nvd
CVE-2021-31457 | HIGH | CVSS 7.8 | CWE-416 | ≤ 10.1.3.37598 | 2021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the l
nvd
CVE-2021-31458 | HIGH | CVSS 7.8 | CWE-416 | ≤ 10.1.3.37598 | 2021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the l
nvd
CVE-2021-31456 | HIGH | CVSS 7.8 | CWE-416 | ≤ 10.1.3.37598 | 2021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the l
nvd
CVE-2021-31460 | HIGH | CVSS 7.8 | CWE-416 | ≤ 10.1.3.37598 | 2021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA templates. The issue results from the lack
nvd
CVE-2021-31461 | HIGH | CVSS 7.8 | CWE-843 | ≤ 10.1.3.37598 | 2021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of app.media objects. The issue results from th
nvd
CVE-2021-31459 | HIGH | CVSS 7.8 | CWE-416 | ≤ 10.1.3.37598 | 2021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Forms. The issue results from the lack of va
nvd
CVE-2018-20312 | HIGH | CVSS 8.1 | fixed in 9.5 | 2021-01-07
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode.
nvd
CVE-2018-20310 | HIGH | CVSS 8.1 | CWE-125 | fixed in 9.5 | 2021-01-07
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
nvd
CVE-2018-20314 | HIGH | CVSS 8.1 | CWE-125 | fixed in 9.5 | 2021-01-07
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
nvd
CVE-2018-20313 | HIGH | CVSS 8.1 | CWE-125 | fixed in 9.5 | 2021-01-07
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
nvd
CVE-2018-20316 | HIGH | CVSS 8.1 | fixed in 9.5 | 2021-01-07
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode.
nvd
CVE-2018-20311 | HIGH | CVSS 8.1 | CWE-125 | fixed in 9.5 | 2021-01-07
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCPDFAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
nvd
CVE-2018-20309 | HIGH | CVSS 8.1 | CWE-125 | fixed in 9.5 | 2021-01-07
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyGetAppEdition race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
nvd
CVE-2018-20315 | HIGH | CVSS 8.1 | CWE-362 | fixed in 9.5 | 2021-01-07
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
nvd
CVE-2020-12248 | HIGH | CVSS 8.8 | CWE-787 | ≤ 10.0.0.35798 | 2020-09-04
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled.
nvd
CVE-2020-12247 | HIGH | CVSS 7.1 | CWE-125 | ≤ 10.0.0.35798 | 2020-09-04
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two parts. A crash may also occur.
nvd
CVE-2020-11493 | HIGH | CVSS 8.1 | CWE-345 | ≤ 10.0.0.35798 | 2020-09-04
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.
nvd
CVE-2020-15638 | HIGH | CVSS 7.8 | CWE-843 | ≤ 10.0.0.35798 | 2020-08-20
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NodeProperties::InferReceiverMapsUnsafe method. The issue
nvd
CVE-2020-15637 | LOW | CVSS 3.3 | CWE-416 | ≤ 10.0.0.35798 | 2020-08-20
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SetLocalDescription method. By performing actions
nvd