| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2015-2790 |
20 |
2
|
DoS Mem. Corr. |
2015-03-30 |
2016-12-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image. |
|
2 |
CVE-2017-17557 |
119 |
|
Exec Code Overflow |
2018-04-24 |
2018-06-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to execute code in the context of the current process. |
|
3 |
CVE-2018-10302 |
416 |
|
Exec Code |
2018-04-23 |
2018-05-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-jyb51g3mv9. |
|
4 |
CVE-2018-10303 |
416 |
|
Exec Code |
2018-04-23 |
2018-05-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3. |
|
5 |
CVE-2018-14442 |
416 |
|
Exec Code |
2018-07-20 |
2018-09-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs. |
|
6 |
CVE-2018-17607 |
416 |
|
DoS Exec Code |
2018-09-28 |
2018-11-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. |
|
7 |
CVE-2018-17608 |
416 |
|
DoS Exec Code |
2018-09-28 |
2018-11-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. |
|
8 |
CVE-2018-17609 |
416 |
|
DoS Exec Code |
2018-09-28 |
2018-11-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. |
|
9 |
CVE-2018-17610 |
416 |
|
DoS Exec Code |
2018-09-28 |
2018-11-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. |
|
10 |
CVE-2018-17611 |
416 |
|
DoS Exec Code |
2018-09-28 |
2018-11-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. |
|
11 |
CVE-2019-5005 |
119 |
|
DoS Overflow Mem. Corr. |
2019-01-03 |
2019-01-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. They allowed Denial of Service (application crash) via image data, because two bytes are written to the end of the allocated memory without judging whether this will cause corruption. |
|
12 |
CVE-2019-5006 |
476 |
|
|
2019-01-03 |
2019-01-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is a NULL pointer dereference during PDF parsing. |
|
13 |
CVE-2019-5007 |
125 |
|
|
2019-01-03 |
2019-01-15 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing. |
|
14 |
CVE-2019-14207 |
400 |
|
|
2019-07-21 |
2019-07-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling the clone function due to an endless loop resulting from confusing relationships between a child and parent object (caused by an append error). |
|
15 |
CVE-2019-14208 |
476 |
|
|
2019-07-21 |
2019-07-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a NULL pointer dereference and crash when getting a PDF object from a document, or parsing a certain portfolio that contains a null dictionary. |
|
16 |
CVE-2019-14209 |
119 |
|
Overflow |
2019-07-21 |
2019-07-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Heap Corruption due to data desynchrony when adding AcroForm. |
|
17 |
CVE-2019-14210 |
476 |
|
Mem. Corr. |
2019-07-21 |
2019-07-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Memory Corruption due to the use of an invalid pointer copy, resulting from a destructed string object. |
|
18 |
CVE-2019-14211 |
20 |
|
|
2019-07-21 |
2019-07-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the lack of proper validation of the existence of an object prior to performing operations on that object when executing JavaScript. |
|
19 |
CVE-2019-14212 |
476 |
|
|
2019-07-21 |
2019-07-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling certain XFA JavaScript due to the use of, or access to, a NULL pointer without proper validation on the object. |
|
20 |
CVE-2019-14213 |
20 |
|
|
2019-07-21 |
2019-07-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the repeated release of the signature dictionary during CSG_SignatureF and CPDF_Document destruction. |
|
21 |
CVE-2019-14214 |
20 |
|
DoS |
2019-07-21 |
2019-07-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a JavaScript Denial of Service when deleting pages in a document that contains only one page by calling a "t.hidden = true" function. |
|
22 |
CVE-2019-14215 |
20 |
|
|
2019-07-21 |
2019-07-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling xfa.event.rest XFA JavaScript due to accessing a wild pointer. |
