CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-15638 – Foxit PhantomPDF JSCreate Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-15638
04 Aug 2020 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NodeProperties::InferReceiverMapsUnsafe method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability ... • https://www.foxitsoftware.com/support/security-bulletins.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20828
https://notcve.org/view.php?id=CVE-2019-20828
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.6. Presenta un desbordamiento de búfer porque no ocurre una corrección de bucle después de que JavaScript actualiza Field APs • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20829
https://notcve.org/view.php?id=CVE-2019-20829
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.6. Presenta una desreferencia del puntero NULL por medio de la función FXSYS_wcsl en un archivo Epub • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20830
https://notcve.org/view.php?id=CVE-2019-20830
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.6. Presenta una escritura fuera de límites cuando es usado Internet Explorer • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20835
https://notcve.org/view.php?id=CVE-2019-20835
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has homograph mishandling. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.5. Presenta un manejo inapropiado de homógrafos • https://www.foxitsoftware.com/support/security-bulletins.php •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20836
https://notcve.org/view.php?id=CVE-2019-20836
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.5. Presenta un manejo inapropiado de las credenciales en la nube, como es demostrado por Google Drive • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20837
https://notcve.org/view.php?id=CVE-2019-20837
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.5. Permite una omisión de comprobación de firma por medio de un archivo modificado o un archivo con firmas no estándar • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-21239
https://notcve.org/view.php?id=CVE-2018-21239
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.2. Permite el robo de credenciales NTLM por medio de una acción GoToE o GoToR • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-21240
https://notcve.org/view.php?id=CVE-2018-21240
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.2. Permite el consumo de la memoria por medio de una llamada ArrayBuffer(0xfffffffe) • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20820
https://notcve.org/view.php?id=CVE-2019-20820
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference during the parsing of file data. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.7. Presenta una desreferencia del puntero NULL de puntero durante el análisis sintáctico de los datos de los archivos • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-476: NULL Pointer Dereference •