Foxitsoftware Reader vulnerabilities
259 known vulnerabilities affecting foxitsoftware/reader.
Total CVEs
259
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL11HIGH228MEDIUM13LOW7
Vulnerabilities
Page 5 of 13
CVE-2020-8847HIGHCVSS 7.8≤ 9.7.0.294782020-02-14
CVE-2020-8847 [HIGH] CWE-787 CVE-2020-8847: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack o
nvd
CVE-2020-8855HIGHCVSS 7.8≤ 9.7.0.294782020-02-14
CVE-2020-8855 [HIGH] CWE-416 CVE-2020-8855: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.2947. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the fxhtml2pdf.exe module. The issue results from the lack of va
nvd
CVE-2020-8852LOWCVSS 3.3≤ 9.7.0.294782020-02-14
CVE-2020-8852 [LOW] CWE-125 CVE-2020-8852: This vulnerability allows remote attackers to disclose sensitive information on affected installatio
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the
nvd
CVE-2019-5130HIGHCVSS 8.8≤ 9.7.0.294352020-01-16
CVE-2019-5130 [HIGH] CWE-416 CVE-2019-5130: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxi
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerab
nvd
CVE-2019-5126HIGHCVSS 8.8≤ 9.7.0.294352020-01-16
CVE-2019-5126 [HIGH] CWE-416 CVE-2019-5126: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, ver
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the br
nvd
CVE-2019-5131HIGHCVSS 8.8≤ 9.7.0.294352020-01-16
CVE-2019-5131 [HIGH] CWE-416 CVE-2019-5131: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxi
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnera
nvd
CVE-2019-5145HIGHCVSS 8.8≤ 9.7.0.294352020-01-16
CVE-2019-5145 [HIGH] CWE-416 CVE-2019-5145: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, ver
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the br
nvd
CVE-2019-13315HIGHCVSS 7.8≤ 9.5.0.207232019-10-04
CVE-2019-13315 [HIGH] CWE-416 CVE-2019-13315: This vulnerability allows remote atackers to execute arbitrary code on affected installations of Fox
This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. The issue results from the lack of validat
nvd
CVE-2019-13319HIGHCVSS 7.8≤ 9.5.0.207232019-10-04
CVE-2019-13319 [HIGH] CWE-416 CVE-2019-13319: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA forms. The issue results from the lack of v
nvd
CVE-2019-6775HIGHCVSS 7.8≤ 9.5.0.207232019-10-04
CVE-2019-6775 [HIGH] CWE-416 CVE-2019-6775: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportValues method within a AcroForm. The issue results from t
nvd
CVE-2019-6774HIGHCVSS 7.8≤ 9.5.0.207232019-10-04
CVE-2019-6774 [HIGH] CWE-416 CVE-2019-6774: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the deleteItemAt method when processing AcroForms. The issue result
nvd
CVE-2019-13316HIGHCVSS 7.8≤ 9.5.0.207232019-10-04
CVE-2019-13316 [HIGH] CWE-416 CVE-2019-13316: This vulnerability allows remote atackers to execute arbitrary code on affected installations of Fox
This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the
nvd
CVE-2019-6776HIGHCVSS 7.8≤ 9.5.0.207232019-10-04
CVE-2019-6776 [HIGH] CWE-416 CVE-2019-6776: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing watermarks within AcroFo
nvd
CVE-2019-13320HIGHCVSS 7.8≤ 9.5.0.207232019-10-04
CVE-2019-13320 [HIGH] CWE-416 CVE-2019-13320: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. The issue results from the lack of v
nvd
CVE-2019-13317HIGHCVSS 7.8≤ 9.5.0.207232019-10-04
CVE-2019-13317 [HIGH] CWE-416 CVE-2019-13317: This vulnerability allows remote atackers to execute arbitrary code on affected installations of Fox
This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the
nvd
CVE-2019-17183HIGHCVSS 7.5fixed in 9.6.0.251142019-10-04
CVE-2019-17183 [HIGH] CWE-772 CVE-2019-17183: Foxit Reader before 9.7 allows an Access Violation and crash if insufficient memory exists.
Foxit Reader before 9.7 allows an Access Violation and crash if insufficient memory exists.
nvd
CVE-2019-13318MEDIUMCVSS 5.5≤ 9.5.0.207232019-10-04
CVE-2019-13318 [MEDIUM] CWE-134 CVE-2019-13318: This vulnerability allows remote attackers to disclose sensitive information on affected installatio
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the util.printf Javascript method. Th
nvd
CVE-2019-13330HIGHCVSS 7.8≤ 9.6.0.251142019-10-03
CVE-2019-13330 [HIGH] CWE-843 CVE-2019-13330: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPG files. The issue results from the lack of p
nvd
CVE-2019-13327HIGHCVSS 7.8≤ 9.6.0.251142019-10-03
CVE-2019-13327 [HIGH] CWE-416 CVE-2019-13327: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of fields within Acroform objects. The issue resul
nvd
CVE-2019-13326HIGHCVSS 7.8≤ 9.6.0.251142019-10-03
CVE-2019-13326 [HIGH] CWE-416 CVE-2019-13326: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of fields within Acroform objects. The issue resul
nvd