CVE-2019-14210
https://notcve.org/view.php?id=CVE-2019-14210
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Memory Corruption due to the use of an invalid pointer copy, resulting from a destructed string object. Se detectó un problema en PhantomPDF anterior a versión 8.3.10 Foxit. La aplicación podría estar expuesta a una Corrupción de Memoria debido al uso de una copia de puntero no válida, resultando de un objeto de cadena destruido. • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-787: Out-of-bounds Write •
CVE-2019-14209
https://notcve.org/view.php?id=CVE-2019-14209
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Heap Corruption due to data desynchrony when adding AcroForm. Se detectó un problema en PhantomPDF anterior a versión 8.3.10 Foxit. La aplicación podría estar expuesta a la Corrupción de Pila debido a la desincronía de datos al agregar AcroForm. • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-787: Out-of-bounds Write •
CVE-2019-14208
https://notcve.org/view.php?id=CVE-2019-14208
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a NULL pointer dereference and crash when getting a PDF object from a document, or parsing a certain portfolio that contains a null dictionary. Se detectó un problema en PhantomPDF anterior a versión 8.3.10 de Foxit . La aplicación podría estar expuesta a una desreferencia de un puntero NULL y un bloqueo al conseguir un objeto PDF desde un documento, o al analizar un portafolio determinado que contiene un diccionario null. • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-476: NULL Pointer Dereference •
CVE-2019-14207
https://notcve.org/view.php?id=CVE-2019-14207
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling the clone function due to an endless loop resulting from confusing relationships between a child and parent object (caused by an append error). Se detectó un problema en PhantomPDF anterior a versión 8.3.11 de Foxit. La aplicación podría bloquearse al llamar a la función clone debido a un bucle infinito que resulta de las relaciones confusas entre un objeto hijo y padre (causado por un error de adición). • http://www.securityfocus.com/bid/109314 https://www.foxitsoftware.com/support/security-bulletins.php • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2019-13316 – Foxit PhantomPDF Button Calculate Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13316
This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://www.zerodayinitiative.com/advisories/ZDI-19-633 • CWE-416: Use After Free •