Foxitsoftware Reader vulnerabilities

CVE-2020-13804 [CRITICAL] CWE-798 CVE-2020-13804: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosur An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin.

CVE-2019-20827 [CRITICAL] CWE-787 CVE-2019-20827: An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It allows s An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It allows stack consumption because of interaction between ICC-Based color space and Alternate color space.

CVE-2019-20830 [CRITICAL] CWE-787 CVE-2019-20830: An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write whe An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used.

CVE-2020-13805 [CRITICAL] CWE-307 CVE-2020-13805: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack misha An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures.

CVE-2020-13814 [CRITICAL] CWE-416 CVE-2020-13814: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a d An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary.

CVE-2020-13808 [HIGH] CWE-835 CVE-2020-13808: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data.

CVE-2019-20829 [HIGH] CWE-476 CVE-2019-20829: An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file.

CVE-2020-13815 [HIGH] CWE-400 CVE-2020-13815: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference.

CVE-2019-20817 [HIGH] CWE-476 CVE-2019-20817: An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference.

CVE-2020-13807 [HIGH] CWE-835 CVE-2020-13807: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference misha An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference mishandling that causes a loop.

CVE-2019-20820 [HIGH] CWE-476 CVE-2019-20820: An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference during the parsing of file data.

CVE-2019-20819 [HIGH] CWE-674 CVE-2019-20819: An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via n An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing.

CVE-2020-13810 [HIGH] CWE-347 CVE-2020-13810: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation bypass via a modified file or a file with non-standard signatures.

CVE-2019-20836 [HIGH] CWE-200 CVE-2019-20836: An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud crede An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive.

CVE-2019-20818 [HIGH] CWE-770 CVE-2019-20818: An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption beca An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level.

CVE-2019-20826 [HIGH] CWE-476 CVE-2019-20826: An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It has a NU An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It has a NULL pointer dereference.

CVE-2019-20837 [HIGH] CWE-347 CVE-2019-20837: An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation by An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures.

CVE-2020-13803 [HIGH] CWE-347 CVE-2020-13803: An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signa An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signature validation bypass via a modified file or a file with non-standard signatures.

CVE-2018-21236 [HIGH] CWE-476 CVE-2018-21236: An issue was discovered in Foxit Reader before 2.4.4. It has a NULL pointer dereference. An issue was discovered in Foxit Reader before 2.4.4. It has a NULL pointer dereference.

CVE-2020-13806 [HIGH] CWE-416 CVE-2020-13806: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation.