Page 17 of 547 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SetLocalDescription method. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.html https://www.zerodayinitiative.com/advisories/ZDI-20-932 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NodeProperties::InferReceiverMapsUnsafe method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.html https://www.zerodayinitiative.com/advisories/ZDI-20-933 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs. Se detectó un problema en Foxit PhantomPDF versiones anteriores a 8.3.11. Presenta un desbordamiento de búfer porque no se produce una corrección de bucle después de que JavaScript actualiza Field APs • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file. Se detectó un problema en Foxit PhantomPDF versiones anteriores a 8.3.11. Presenta una desreferencia del puntero NULL por medio de la función FXSYS_wcslen en un archivo Epub • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-476: NULL Pointer Dereference •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an out-of-bounds write when Internet Explorer is used. Se detectó un problema en Foxit PhantomPDF versiones anteriores a 8.3.11. Presenta una escritura fuera de límites cuando es usado Internet Explorer • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-787: Out-of-bounds Write •