CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 2CVE-2020-14425 – Foxit Reader 9.7.1 - Remote Command Execution (Javascript API)
https://notcve.org/view.php?id=CVE-2020-14425
Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API. An attacker can execute local files and bypass the security dialog. Foxit Reader versiones anteriores a 10.0, permite una Ejecución de Comandos Remota por medio de la API JavsScript app.opencPDFWebPage. Un atacante puede ejecutar archivos locales y omitir el cuadro de diálogo de seguridad Foxit Reader version 9.7.1 suffers from a remote command execution vulnerability. • https://www.exploit-db.com/exploits/48982 http://packetstormsecurity.com/files/159784/Foxit-Reader-9.7.1-Remote-Command-Execution.html https://www.foxitsoftware.com/support/security-bulletins.php •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26534
https://notcve.org/view.php?id=CVE-2020-26534
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 10.1. Existe un uso de la memoria previamente liberada del objeto Opt relacionado con las funciones Field::ClearItems y Field::DeleteOptions, durante una ejecución JavaScript de AcroForm • https://www.foxitsoftware.com/support/security-bulletins.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26535
https://notcve.org/view.php?id=CVE-2020-26535
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation (and read access violation). Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 10.1. Si TslAlloc intenta asignar el almacenamiento local de hilos (subprocesos) pero obtiene un valor de índice inaceptable, V8 lanza una excepción que conlleva a una violación de acceso de escritura (y una violación de acceso de lectura) • https://www.foxitsoftware.com/support/security-bulletins.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26536
https://notcve.org/view.php?id=CVE-2020-26536
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer dereference via a crafted PDF document. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 10.1. Se presenta una desreferencia del puntero NULL por medio de un documento PDF diseñado • https://www.foxitsoftware.com/support/security-bulletins.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26537
https://notcve.org/view.php?id=CVE-2020-26537
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 10.1. En un determinado cálculo de Shading, el número de salidas es desigual al número de componentes de color en un espacio de color. • https://www.foxitsoftware.com/support/security-bulletins.html • CWE-787: Out-of-bounds Write •