CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 1CVE-2020-11493
https://notcve.org/view.php?id=CVE-2020-11493
04 Sep 2020 — In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject. En Foxit Reader y PhantomPDF versiones anteriores a 10.0.1, y PhantomPDF versiones anteriores a 9.7.3, los atacantes pueden obtener información confidencial sobre un objeto no inicializado debido a una transformación directa de un Objecto PDF a un Transmisión sin pr... • https://github.com/fengjixuchui/CVE-2020-11493 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-15637 – Foxit PhantomPDF SetLocalDescription Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-15637
04 Aug 2020 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SetLocalDescription method. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this in conjunction with other vulnerabilities t... • https://www.foxitsoftware.com/support/security-bulletins.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-15638 – Foxit PhantomPDF JSCreate Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-15638
04 Aug 2020 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NodeProperties::InferReceiverMapsUnsafe method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability ... • https://www.foxitsoftware.com/support/security-bulletins.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20820
https://notcve.org/view.php?id=CVE-2019-20820
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference during the parsing of file data. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.7. Presenta una desreferencia del puntero NULL de puntero durante el análisis sintáctico de los datos de los archivos • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20819
https://notcve.org/view.php?id=CVE-2019-20819
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.7. Permite el consumo de pila por medio de llamadas de funciones anidadas para el análisis de XML • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20818
https://notcve.org/view.php?id=CVE-2019-20818
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.7. Permite el consumo de la memoria porque los datos son creados para cada página de un nivel de aplicación • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20817
https://notcve.org/view.php?id=CVE-2019-20817
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.7. Presenta una desreferencia del puntero NULL • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-13815
https://notcve.org/view.php?id=CVE-2020-13815
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference. Se detectó un problema en Foxit Reader y el PhantomPDF versiones anteriores a 9.7.1. Permite el consumo de pila por medio de un bucle de una referencia a objeto indirecta • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-13814
https://notcve.org/view.php?id=CVE-2020-13814
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.7.1. Presenta un uso de la memoria previamente liberada por medio de un documento que carece de un diccionario • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-13810
https://notcve.org/view.php?id=CVE-2020-13810
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation bypass via a modified file or a file with non-standard signatures. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.7.2. Permite omitir la comprobación de firma por medio de un archivo modificado o un archivo con firmas no estándar • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-347: Improper Verification of Cryptographic Signature •