CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-15638 – Foxit PhantomPDF JSCreate Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-15638
04 Aug 2020 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NodeProperties::InferReceiverMapsUnsafe method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability ... • https://www.foxitsoftware.com/support/security-bulletins.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20828
https://notcve.org/view.php?id=CVE-2019-20828
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.6. Presenta un desbordamiento de búfer porque no ocurre una corrección de bucle después de que JavaScript actualiza Field APs • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20829
https://notcve.org/view.php?id=CVE-2019-20829
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.6. Presenta una desreferencia del puntero NULL por medio de la función FXSYS_wcsl en un archivo Epub • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20830
https://notcve.org/view.php?id=CVE-2019-20830
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.6. Presenta una escritura fuera de límites cuando es usado Internet Explorer • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20835
https://notcve.org/view.php?id=CVE-2019-20835
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has homograph mishandling. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.5. Presenta un manejo inapropiado de homógrafos • https://www.foxitsoftware.com/support/security-bulletins.php •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20836
https://notcve.org/view.php?id=CVE-2019-20836
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.5. Presenta un manejo inapropiado de las credenciales en la nube, como es demostrado por Google Drive • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20837
https://notcve.org/view.php?id=CVE-2019-20837
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.5. Permite una omisión de comprobación de firma por medio de un archivo modificado o un archivo con firmas no estándar • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20820
https://notcve.org/view.php?id=CVE-2019-20820
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference during the parsing of file data. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.7. Presenta una desreferencia del puntero NULL de puntero durante el análisis sintáctico de los datos de los archivos • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20819
https://notcve.org/view.php?id=CVE-2019-20819
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.7. Permite el consumo de pila por medio de llamadas de funciones anidadas para el análisis de XML • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20818
https://notcve.org/view.php?id=CVE-2019-20818
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.7. Permite el consumo de la memoria porque los datos son creados para cada página de un nivel de aplicación • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-770: Allocation of Resources Without Limits or Throttling •