Talos Foxit vulnerabilities
5 known vulnerabilities affecting talos/foxit.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH5
Vulnerabilities
Page 1 of 1
CVE-2018-3853HIGHCVSS 8.8vFoxit PDF Reader 9.0.1.10492018-06-04
CVE-2018-3853 [HIGH] CWE-416 CVE-2018-3853: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability
cvelistv5nvd
CVE-2017-14458HIGHCVSS 8.8vFoxit Software Foxit PDF Reader 8.3.2.25013.2018-04-23
CVE-2017-14458 [HIGH] CWE-416 CVE-2017-14458: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxi
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulner
cvelistv5nvd
CVE-2018-3850HIGHCVSS 8.8vFoxit PDF Reader 9.0.1.1049.2018-04-23
CVE-2018-3850 [HIGH] CWE-416 CVE-2018-3850: An exploitable use-after-free vulnerability exists in the JavaScript engine Foxit Software Foxit PDF
An exploitable use-after-free vulnerability exists in the JavaScript engine Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability.
cvelistv5nvd
CVE-2018-3843HIGHCVSS 8.8vFoxit PDF Reader 9.0.1.10492018-04-19
CVE-2018-3843 [HIGH] CWE-704 CVE-2018-3843: An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 pa
An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory disclosure, and possibly to arbitrary code execution. An attacker needs
cvelistv5nvd
CVE-2018-3842HIGHCVSS 8.8vFoxit Software Foxit PDF Reader 9.0.1.10492018-04-19
CVE-2018-3842 [HIGH] CWE-824 CVE-2018-3842: An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxi
An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code execution. An attacker needs to trick the user to open a malicious file
cvelistv5nvd