CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-15638 – Foxit PhantomPDF JSCreate Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-15638
04 Aug 2020 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NodeProperties::InferReceiverMapsUnsafe method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability ... • https://www.foxitsoftware.com/support/security-bulletins.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20826
https://notcve.org/view.php?id=CVE-2019-20826
04 Jun 2020 — An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It has a NULL pointer dereference. Se detectó un problema en Foxit PhantomPDF Mac versión 3.3 y Foxit Reader para Mac versiones anteriores a 3.3. Presenta una desreferencia del puntero NULL • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20827
https://notcve.org/view.php?id=CVE-2019-20827
04 Jun 2020 — An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It allows stack consumption because of interaction between ICC-Based color space and Alternate color space. Se detectó un problema en Foxit PhantomPDF Mac versión 3.3 y Foxit Reader para Mac versiones anteriores a 3.3. Permite el consumo de la pila debido a la interacción entre el espacio de color ICC-Based y el espacio de color Alternate • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20828
https://notcve.org/view.php?id=CVE-2019-20828
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.6. Presenta un desbordamiento de búfer porque no ocurre una corrección de bucle después de que JavaScript actualiza Field APs • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20829
https://notcve.org/view.php?id=CVE-2019-20829
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.6. Presenta una desreferencia del puntero NULL por medio de la función FXSYS_wcsl en un archivo Epub • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20830
https://notcve.org/view.php?id=CVE-2019-20830
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.6. Presenta una escritura fuera de límites cuando es usado Internet Explorer • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20835
https://notcve.org/view.php?id=CVE-2019-20835
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has homograph mishandling. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.5. Presenta un manejo inapropiado de homógrafos • https://www.foxitsoftware.com/support/security-bulletins.php •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20836
https://notcve.org/view.php?id=CVE-2019-20836
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.5. Presenta un manejo inapropiado de las credenciales en la nube, como es demostrado por Google Drive • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20837
https://notcve.org/view.php?id=CVE-2019-20837
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.5. Permite una omisión de comprobación de firma por medio de un archivo modificado o un archivo con firmas no estándar • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-21236
https://notcve.org/view.php?id=CVE-2018-21236
04 Jun 2020 — An issue was discovered in Foxit Reader before 2.4.4. It has a NULL pointer dereference. Se detectó un problema en Foxit Reader versiones anteriores a 2.4.4. Presenta una desreferencia del puntero NULL • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-476: NULL Pointer Dereference •