Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value in a crafted TIFF image that is mishandled during PDF conversion. This is fixed in 8.0.
Max CVSS
7.8
EPSS Score
2.78%
Published
2017-04-04
Updated
2017-04-11
Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document.
Max CVSS
7.8
EPSS Score
3.42%
Published
2016-04-22
Updated
2016-11-28
Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.24%
Published
2016-04-22
Updated
2016-11-28
Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream.
Max CVSS
7.5
EPSS Score
0.25%
Published
2016-04-22
Updated
2016-11-28
Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, which allows remote attackers to cause a denial of service (application hang) via a crafted PDF.
Max CVSS
5.5
EPSS Score
0.16%
Published
2016-04-22
Updated
2016-11-28
Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document.
Max CVSS
7.8
EPSS Score
4.63%
Published
2016-04-22
Updated
2016-11-28
Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call.
Max CVSS
7.8
EPSS Score
4.28%
Published
2016-04-22
Updated
2016-11-28
The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted (1) JPEG, (2) GIF, or (3) BMP image.
Max CVSS
7.8
EPSS Score
0.30%
Published
2016-04-22
Updated
2016-11-08
Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a crafted PDF file.
Max CVSS
7.8
EPSS Score
0.36%
Published
2018-02-07
Updated
2018-02-24
Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (memory corruption and application crash) or potentially execute arbitrary code via the Bezier data in a crafted PDF file.
Max CVSS
7.8
EPSS Score
0.44%
Published
2018-02-07
Updated
2018-02-24
Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default, allowing an attacker to overwrite them with backdoor code, which when executed by privileged user would result in Privilege Escalation, Code Execution, or both.
Max CVSS
7.8
EPSS Score
0.06%
Published
2016-10-31
Updated
2017-07-29
The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image, aka "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ConvertToPDF_x86!CreateFXPDFConvertor."
Max CVSS
5.3
EPSS Score
0.15%
Published
2016-10-31
Updated
2016-11-29
Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image embedded in the XFA stream in a PDF document, aka "Read Access Violation starting at FoxitReader."
Max CVSS
7.5
EPSS Score
0.60%
Published
2016-10-31
Updated
2016-11-29
Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted JPEG2000 image embedded in a PDF document, aka a "corrupted suffix pattern" issue.
Max CVSS
8.8
EPSS Score
2.46%
Published
2016-10-31
Updated
2016-11-29
Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka "Data from Faulting Address may be used as a return value starting at FOXITREADER."
Max CVSS
8.8
EPSS Score
1.01%
Published
2016-10-31
Updated
2016-11-29
The thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted JPEG2000 image embedded in a PDF document, aka an "Exploitable - Heap Corruption" issue.
Max CVSS
6.5
EPSS Score
0.15%
Published
2016-10-31
Updated
2016-11-29
Memory Corruption Vulnerability in Foxit PDF Toolkit v1.3 allows an attacker to cause Denial of Service and Remote Code Execution when the victim opens the specially crafted PDF file. The Vulnerability has been fixed in v2.0.
Max CVSS
7.8
EPSS Score
0.38%
Published
2017-01-13
Updated
2017-02-03
The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. The vulnerability could lead to information disclosure; an attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.
Max CVSS
8.1
EPSS Score
3.14%
Published
2017-01-23
Updated
2017-01-26
The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image. The vulnerability could lead to information disclosure; an attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.
Max CVSS
4.7
EPSS Score
1.01%
Published
2017-03-14
Updated
2019-10-03
Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file.
Max CVSS
7.8
EPSS Score
0.38%
Published
2017-04-07
Updated
2017-04-12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!