CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-27263 – Foxit PhantomPDF U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-27263
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://www.zerodayinitiative.com/advisories/ZDI-21-345 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2020-13548
https://notcve.org/view.php?id=CVE-2020-13548
In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. En Foxit Reader versión 10.1.0.37527, un documento PDF especialmente diseñado puede desencadenar la reutilización de la memoria previamente liberada, lo que puede conllevar a una ejecución de código arbitraria. Un atacante debe engañar al usuario a abrir el archivo malicioso para desencadenar esta vulnerabilidad. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1166 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 42EXPL: 0CVE-2018-18689
https://notcve.org/view.php?id=CVE-2018-18689
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop. • https://pdf-insecurity.org/signature/evaluation_2018.html https://pdf-insecurity.org/signature/signature.html https://www.foxitsoftware.com/support/security-bulletins.php https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 5.3EPSS: 0%CPEs: 46EXPL: 0CVE-2018-18688
https://notcve.org/view.php?id=CVE-2018-18688
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader. • https://pdf-insecurity.org/signature/evaluation_2018.html https://pdf-insecurity.org/signature/signature.html https://www.foxitsoftware.com/support/security-bulletins.php https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-20316
https://notcve.org/view.php?id=CVE-2018-20316
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode. Foxit Reader versiones anteriores a 9.5, y PhantomPDF versiones anteriores a 8.3.10 y versiones 9.x anteriores a 9.5, presenta una condición de carrera de la función proxyDoAction que puede causar un desbordamiento del búfer en la región stack de la memoria o una lectura fuera de límites, un problema diferente de CVE-2018-20310 debido a un código de operación diferente • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-125: Out-of-bounds Read CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-787: Out-of-bounds Write •