CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-5005 – Foxit Reader ConvertToPDF TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-5005
03 Jan 2019 — An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. They allowed Denial of Service (application crash) via image data, because two bytes are written to the end of the allocated memory without judging whether this will cause corruption. Se ha descubierto un problema en Foxit Reader y PhantomPDF en versiones anteriores a la 9.4 en Windows. Dichas versiones permitían denegaciones de servicio (cierre inesperado de la aplicación) mediante los datos de imagen, debido a que se escribían d... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-5006
https://notcve.org/view.php?id=CVE-2019-5006
03 Jan 2019 — An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is a NULL pointer dereference during PDF parsing. Se ha descubierto un problema en Foxit Reader y PhantomPDF en versiones anteriores a la 9.4 en Windows. Hay una desreferencia de puntero NULL durante el análisis de PDF. • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2019-5007
https://notcve.org/view.php?id=CVE-2019-5007
03 Jan 2019 — An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing. Se ha descubierto un problema en Foxit Reader y PhantomPDF en versiones anteriores a la 9.4 en Windows. Es una vulnerabilidad de divulgación de información por lectura fuera de límites y un cierre inesperado debido a una desreferencia de puntero NULL cuando se leen datos TIFF durante el análisi... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2018-14317 – Foxit Reader PDF File Parsing Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-14317
14 Aug 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the con... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 5%CPEs: 3EXPL: 1CVE-2018-3924
https://notcve.org/view.php?id=CVE-2018-3924
01 Aug 2018 — An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. Existe una vulnerabilidad explotable de us... • http://www.securitytracker.com/id/1041353 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 4%CPEs: 3EXPL: 1CVE-2018-3939
https://notcve.org/view.php?id=CVE-2018-3939
01 Aug 2018 — An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. Existe una vulnerabilidad explotable de uso de mem... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 2CVE-2018-14442
https://notcve.org/view.php?id=CVE-2018-14442
20 Jul 2018 — Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs. Foxit Reader en versiones anteriores a la 9.2 y PhantomPDF en versiones anteriores a la 9.2 tienen un uso de memoria previamente liberada que conduce a una ejecución remota de código. Esto también se conoce como V-88f4smlocs. • https://github.com/payatu/CVE-2018-14442 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 0CVE-2018-14296 – Foxit Reader Circle Annotation borderEffectStyle Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-14296
19 Jul 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Circle annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the contex... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 0CVE-2018-14301 – Foxit Reader Sound Annotation soundIcon Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-14301
19 Jul 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Sound annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2018-14253 – Foxit Reader getIcon Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-14253
19 Jul 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getIcon method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •