Foxitsoftware Reader vulnerabilities

259 known vulnerabilities affecting foxitsoftware/reader.

Total CVEs: 259
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 11, HIGH 228, MEDIUM 13, LOW 7

Vulnerabilities

Page 3 of 13
CVE-2020-13809 | HIGH | CVSS 7.5 | fixed in 9.7.2 | 2020-06-04
CWE-400: An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream.
nvd
CVE-2018-21240 | HIGH | CVSS 7.5 | fixed in 9.2 | 2020-06-04
CWE-400: An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call.
nvd
CVE-2019-20828 | HIGH | CVSS 7.5 | fixed in 9.6 | 2020-06-04
CWE-120: An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.
nvd
CVE-2018-21239 | MEDIUM | CVSS 5.3 | fixed in 9.2 | 2020-06-04
CWE-522: An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action.
nvd
CVE-2019-20835 | MEDIUM | CVSS 4.3 | fixed in 9.5 | 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has homograph mishandling.
nvd
CVE-2020-10895 | HIGH | CVSS 7.8 | ≤ 9.7.1.29511 | 2020-04-22
CWE-125: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results f
nvd
CVE-2020-10906 | HIGH | CVSS 7.8 | ≤ 9.7.1.29511 | 2020-04-22
CWE-416: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resetForm method. The issue results from the lack of validati
nvd
CVE-2020-10890 | HIGH | CVSS 8.8 | ≤ 9.7.1.29511 | 2020-04-22
CWE-352: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the communication API. The issue lies in the handling of the
nvd
CVE-2020-10899 | HIGH | CVSS 7.8 | ≤ 9.7.1.29511 | 2020-04-22
CWE-416: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA templates. The issue results from the lack
nvd
CVE-2020-10909 | HIGH | CVSS 7.8 | ≤ 9.7.1.29511 | 2020-04-22
CWE-843: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AddWatermark command of the communication
nvd
CVE-2020-10904 | HIGH | CVSS 7.8 | ≤ 9.7.1.29511 | 2020-04-22
CWE-787: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results f
nvd
CVE-2020-10910 | HIGH | CVSS 7.8 | ≤ 9.7.1.29511 | 2020-04-22
CWE-843: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the RotatePage command of the communication A
nvd
CVE-2020-10893 | HIGH | CVSS 7.8 | ≤ 9.7.1.29511 | 2020-04-22
CWE-787: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in a PDF. The issue resu
nvd
CVE-2020-10897 | HIGH | CVSS 7.8 | ≤ 9.7.1.29511 | 2020-04-22
CWE-787: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results f
nvd
CVE-2020-10892 | HIGH | CVSS 8.8 | ≤ 9.7.1.29511 | 2020-04-22
CWE-352: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the communication API. The issue lies in the handling of the
nvd
CVE-2020-10912 | HIGH | CVSS 7.8 | ≤ 9.7.1.29511 | 2020-04-22
CWE-843: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the SetFieldValue command of the communicatio
nvd
CVE-2020-10891 | HIGH | CVSS 7.8 | ≤ 9.7.1.29511 | 2020-04-22
CWE-843: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Save command of the communication API. Th
nvd
CVE-2020-10889 | HIGH | CVSS 7.8 | ≤ 9.7.1.29511 | 2020-04-22
CWE-843: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the DuplicatePages command of the communicati
nvd
CVE-2020-10898 | HIGH | CVSS 7.8 | ≤ 9.7.1.29511 | 2020-04-22
CWE-125: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results f
nvd
CVE-2020-10911 | HIGH | CVSS 7.8 | ≤ 9.7.1.29511 | 2020-04-22
CWE-843: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the GetFieldValue command of the communicatio
nvd