CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-35931
https://notcve.org/view.php?id=CVE-2020-35931
31 Dec 2020 — An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subtype entry of the Annotation dictionary, in an incremental update. Se detectó un problema en Foxit Reader versiones anteriores a 10.1.1 (y versiones anteriores a 4.1.1 en macOS) y PhantomPDF versiones anteriores a... • https://www.foxitsoftware.com/support/security-bulletins.html • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 1CVE-2020-13570
https://notcve.org/view.php?id=CVE-2020-13570
22 Dec 2020 — A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. Se presenta una vulnerabilidad de uso de la memoria previamente libera... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1181 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 5%CPEs: 1EXPL: 1CVE-2020-13560
https://notcve.org/view.php?id=CVE-2020-13560
22 Dec 2020 — A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. Se presenta una vulnerabilidad de uso de la memoria previamente libe... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1175 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 11%CPEs: 1EXPL: 1CVE-2020-13557
https://notcve.org/view.php?id=CVE-2020-13557
22 Dec 2020 — A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. Se presenta una vulnerabilidad de uso de la memoria previamente libe... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1171 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 4%CPEs: 4EXPL: 0CVE-2020-27860 – Foxit Reader XFA Template Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-27860
09 Dec 2020 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerabili... • https://www.foxitsoftware.com/support/security-bulletins.html • CWE-787: Out-of-bounds Write •