CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-13317 – Foxit PhantomPDF Button Calculate Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13317
05 Jul 2019 — This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the ... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-13318 – Foxit Reader Format String Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-13318
05 Jul 2019 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the util.printf Javascript method. The application processes the %p parameter in the format string, allowing heap addresses to be returned to the script. An attacker can leverage this in conjunction... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-13319 – Foxit Reader XFA Form Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13319
05 Jul 2019 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context o... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-13320 – Foxit Reader AcroForm Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13320
05 Jul 2019 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context o... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-6774 – Foxit Reader AcroForm deleteItemAt Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-6774
05 Jul 2019 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the deleteItemAt method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-6775 – Foxit Reader AcroForm exportValues Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-6775
05 Jul 2019 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportValues method within a AcroForm. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-6776 – Foxit PhantomPDF addWatermarkFromText Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-6776
05 Jul 2019 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing watermarks within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in ... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-6752 – Foxit PhantomPDF HTML2PDF HTML Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-6752
29 Apr 2019 — This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjuncti... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 1%CPEs: 4EXPL: 0CVE-2019-6753 – Foxit Reader XFA Stuff Integer Overflow Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-6753
29 Apr 2019 — This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.3.0.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Stuff method. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this in conju... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2019-6754 – Foxit Reader localFileStorage Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-6754
29 Apr 2019 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the localFileStorage method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of th... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •