Page 12 of 84 results (0.011 seconds)

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the OCRAndExportToExcel command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://www.zerodayinitiative.com/advisories/ZDI-20-520 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Javascript in the HTML2PDF plugin. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://www.zerodayinitiative.com/advisories/ZDI-19-909 • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 2 of 2). Foxit Reader versión 9.6.0.25114 y anteriores, presenta dos bugs únicos de RecursiveCall que involucran 3 funciones que agotan la memoria de pila disponible debido a la recursión no controlada en el motor de JavaScript V8 (problema 2 de 2). • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-674: Uncontrolled Recursion •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 1 of 2). Foxit Reader versión 9.6.0.25114 y versiones anteriores, presenta dos errores únicos de RecursiveCall que involucran 3 funciones que agotan la memoria de pila disponible debido a la recursión no controlada en el motor de JavaScript V8 (problema 1 de 2). • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-674: Uncontrolled Recursion •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://www.zerodayinitiative.com/advisories/ZDI-19-426 • CWE-125: Out-of-bounds Read •