Filtered by vendor Foxitsoftware
Subscribe
Total
797 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-17420 | 1 Foxitsoftware | 1 Foxit Studio Photo | 2024-02-28 | 4.3 MEDIUM | 3.3 LOW |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of NEF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11193. | |||||
CVE-2020-14425 | 1 Foxitsoftware | 1 Foxit Reader | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API. An attacker can execute local files and bypass the security dialog. | |||||
CVE-2020-26538 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-02-28 | 4.4 MEDIUM | 7.8 HIGH |
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory. | |||||
CVE-2020-13560 | 1 Foxitsoftware | 1 Foxit Reader | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | |||||
CVE-2020-17422 | 1 Foxitsoftware | 1 Foxit Studio Photo | 2024-02-28 | 4.3 MEDIUM | 3.3 LOW |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11195. | |||||
CVE-2020-17434 | 1 Foxitsoftware | 1 Foxit Studio Photo | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ARW files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11357. | |||||
CVE-2018-20309 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyGetAppEdition race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | |||||
CVE-2020-26534 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution. | |||||
CVE-2018-20314 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | |||||
CVE-2020-17427 | 1 Foxitsoftware | 1 Foxit Studio Photo | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of NEF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11334. | |||||
CVE-2020-17419 | 1 Foxitsoftware | 1 Foxit Studio Photo | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of NEF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11192. | |||||
CVE-2020-17414 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
This vulnerability allows local attackers to escalate privileges on affected installations of Foxit Reader 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit Reader Update Service. The issue results from incorrect permissions set on a resource used by the service. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-11229. | |||||
CVE-2018-20312 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode. | |||||
CVE-2018-19418 | 2 Foxitsoftware, Microsoft | 2 Pdf Activex, Windows | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the lack of a security permission control. | |||||
CVE-2020-26535 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation (and read access violation). | |||||
CVE-2019-20829 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file. | |||||
CVE-2020-12247 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-02-28 | 5.8 MEDIUM | 7.1 HIGH |
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two parts. A crash may also occur. | |||||
CVE-2020-15630 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-10977. | |||||
CVE-2020-13808 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data. | |||||
CVE-2019-20815 | 1 Foxitsoftware | 1 Phantompdf | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing. |