CVSS: 5.3EPSS: 0%CPEs: 46EXPL: 0CVE-2018-18688
https://notcve.org/view.php?id=CVE-2018-18688
07 Jan 2021 — The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice... • https://pdf-insecurity.org/signature/evaluation_2018.html • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-35931
https://notcve.org/view.php?id=CVE-2020-35931
31 Dec 2020 — An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subtype entry of the Annotation dictionary, in an incremental update. Se detectó un problema en Foxit Reader versiones anteriores a 10.1.1 (y versiones anteriores a 4.1.1 en macOS) y PhantomPDF versiones anteriores a... • https://www.foxitsoftware.com/support/security-bulletins.html • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13547
https://notcve.org/view.php?id=CVE-2020-13547
22 Dec 2020 — A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. Se presenta una vulnerabilidad de confusión de tipos ... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1165 • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-28203
https://notcve.org/view.php?id=CVE-2020-28203
15 Dec 2020 — An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier. There is a null pointer access/dereference while opening a crafted PDF file, leading the application to crash (denial of service). Se detectó un problema en Foxit Reader y PhantomPDF versiones10.1.0.37527 y anteriores. Se presenta un acceso y desreferenciación del puntero null al abrir un archivo PDF diseñado, conllevando a que la aplicación se bloquee (denegación de servicio) • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2020-27860 – Foxit Reader XFA Template Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-27860
09 Dec 2020 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerabili... • https://www.foxitsoftware.com/support/security-bulletins.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 34%CPEs: 1EXPL: 3CVE-2020-14425 – Foxit Reader 9.7.1 - Remote Command Execution (Javascript API)
https://notcve.org/view.php?id=CVE-2020-14425
01 Nov 2020 — Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API. An attacker can execute local files and bypass the security dialog. Foxit Reader versiones anteriores a 10.0, permite una Ejecución de Comandos Remota por medio de la API JavsScript app.opencPDFWebPage. Un atacante puede ejecutar archivos locales y omitir el cuadro de diálogo de seguridad Foxit Reader version 9.7.1 suffers from a remote command execution vulnerability. • https://packetstorm.news/files/id/159784 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26534
https://notcve.org/view.php?id=CVE-2020-26534
02 Oct 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 10.1. Existe un uso de la memoria previamente liberada del objeto Opt relacionado con las funciones Field::ClearItems y Field::DeleteOptions, durante una ejecución JavaScript de AcroForm • https://www.foxitsoftware.com/support/security-bulletins.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26535
https://notcve.org/view.php?id=CVE-2020-26535
02 Oct 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation (and read access violation). Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 10.1. Si TslAlloc intenta asignar el almacenamiento local de hilos (subprocesos) pero obtiene un valor de índice inaceptable, V8 lanza una excepción que conlleva a una violación ... • https://www.foxitsoftware.com/support/security-bulletins.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26536
https://notcve.org/view.php?id=CVE-2020-26536
02 Oct 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer dereference via a crafted PDF document. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 10.1. Se presenta una desreferencia del puntero NULL por medio de un documento PDF diseñado • https://www.foxitsoftware.com/support/security-bulletins.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26537
https://notcve.org/view.php?id=CVE-2020-26537
02 Oct 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 10.1. En un determinado cálculo de Shading, el número de salidas es desigual al número de componentes de color en un espacio de color. • https://www.foxitsoftware.com/support/security-bulletins.html • CWE-787: Out-of-bounds Write •