
CVE-2020-15638 – Foxit PhantomPDF JSCreate Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-15638
04 Aug 2020 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NodeProperties::InferReceiverMapsUnsafe method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability ... • https://www.foxitsoftware.com/support/security-bulletins.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVE-2019-20823
https://notcve.org/view.php?id=CVE-2019-20823
04 Jun 2020 — An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs. • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2019-20824
https://notcve.org/view.php?id=CVE-2019-20824
04 Jun 2020 — An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file. • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-476: NULL Pointer Dereference

CVE-2019-20825
https://notcve.org/view.php?id=CVE-2019-20825
04 Jun 2020 — An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an out-of-bounds write when Internet Explorer is used. • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-787: Out-of-bounds Write

CVE-2019-20828
https://notcve.org/view.php?id=CVE-2019-20828
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs. • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2019-20829
https://notcve.org/view.php?id=CVE-2019-20829
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file. • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-476: NULL Pointer Dereference

CVE-2019-20830
https://notcve.org/view.php?id=CVE-2019-20830
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used. • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-787: Out-of-bounds Write

CVE-2019-20832
https://notcve.org/view.php?id=CVE-2019-20832
04 Jun 2020 — An issue was discovered in Foxit PhantomPDF before 8.3.10. It has homograph mishandling. • https://www.foxitsoftware.com/support/security-bulletins.php

CVE-2019-20833
https://notcve.org/view.php?id=CVE-2019-20833
04 Jun 2020 — An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive. • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-287: Improper Authentication

CVE-2019-20834
https://notcve.org/view.php?id=CVE-2019-20834
04 Jun 2020 — An issue was discovered in Foxit PhantomPDF before 8.3.10. It allows signature validation bypass via a modified file or a file with non-standard signatures. • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-347: Improper Verification of Cryptographic Signature