CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2018-9961 – Foxit Reader Field rect Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-9961
20 Apr 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the rect Field attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code und... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0CVE-2018-1179 – Foxit Reader GIF DataSubBlock Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-1179
20 Apr 2018 — This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DataSubBlock structures in GIF images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker ... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-6169
https://notcve.org/view.php?id=CVE-2016-6169
07 Feb 2018 — Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (memory corruption and application crash) or potentially execute arbitrary code via the Bezier data in a crafted PDF file. Desbordamiento de búfer basado en memoria dinámica (heap) en Foxit Reader y PhantomPDF, en versiones 7.3.4.311 y anteriores en Windows, permite que atacantes remotos provoquen una denegación de servicio (corrupción de memoria y cierre inesperado... • https://fortiguard.com/zeroday/FG-VD-16-018 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-6168
https://notcve.org/view.php?id=CVE-2016-6168
07 Feb 2018 — Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a crafted PDF file. Vulnerabilidad de uso de memoria previamente liberada en Foxit Reader y PhantomPDF, en versiones 7.3.4.311 y anteriores en Windows, permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) y ejecuten código arbitrario mediante un archivo PDF manipu... • https://fortiguard.com/zeroday/FG-VD-16-021 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-10994
https://notcve.org/view.php?id=CVE-2017-10994
07 Jul 2017 — Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document. Foxit Reader anterior a versión 8.3.1 y PhantomPDF anterior a versión 8.3.1, presenta una vulnerabilidad de Escritura Arbitraria, que permite a los atacantes remotos ejecutar código arbitrario por medio de un documento creado. • http://www.securityfocus.com/bid/99499 • CWE-123: Write-what-where Condition •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-8454
https://notcve.org/view.php?id=CVE-2017-8454
03 May 2017 — Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. Foxit Reader en versiones anteriores a la 8.2.1 y PhantomPDF en versiones anteriores a la 8.2.1, presentan una vulnerabilidad de lectura fuera de límites que permite a atacantes remotos obtener información sensible o ejecutar código arbitrario a través de una fuente manipulada en un documento PDF... • http://www.securityfocus.com/bid/98320 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-8453
https://notcve.org/view.php?id=CVE-2017-8453
03 May 2017 — Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. Foxit Reader en versiones anteriores a la 8.2.1 y PhantomPDF en versiones anteriores a la 8.2.1, presentan una vulnerabilidad de lectura fuera de límites que permite a atacantes remotos obtener información sensible o ejecutar código arbitrario a través de una fuente manipulada en un documento PDF... • http://www.securityfocus.com/bid/98317 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-8455
https://notcve.org/view.php?id=CVE-2017-8455
03 May 2017 — Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. Foxit Reader anterior a 8.2.1 y PhantomPDF anterior a 8.2.1 están afectados por una lectura fuera de límites que permite a un atacante remoto obtener información sensible o ejecutar código de forma arbitraria utilizando una fuente manipulada en un documento PDF. • http://www.securityfocus.com/bid/98319 • CWE-125: Out-of-bounds Read •
CVSS: 4.7EPSS: 1%CPEs: 3EXPL: 0CVE-2017-6883
https://notcve.org/view.php?id=CVE-2017-6883
14 Mar 2017 — The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image. The vulnerability could lead to information disclosure; an attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. El plugin ConvertToPDF en Foxit Reader en versiones anteriores a 8.2.1 y PhantomPD... • http://www.securityfocus.com/bid/96870 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4062
https://notcve.org/view.php?id=CVE-2016-4062
22 Apr 2016 — Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, which allows remote attackers to cause a denial of service (application hang) via a crafted PDF. Foxit Reader y PhantomPDF en versiones anteriores a 7.3.4 en Windows reportan incorrectamente errores de formato recursivamente, lo que permite a atacantes remotos provocar una denegación de servicio (colgado de aplicación) a través de un PDF manipulado. • http://www.securityfocus.com/bid/90504 • CWE-19: Data Processing Errors •