Product:

Phantompdf

(Foxitsoftware)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 544
Date Id Summary Products Score Patch Annotated
2021-03-30 CVE-2021-27262 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An... Foxit_reader, Phantompdf 3.3
2021-03-30 CVE-2021-27261 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can... Foxit_reader, Phantompdf 7.8
2021-02-12 CVE-2020-27860 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage... Foxit_reader, Phantompdf 7.8
2020-06-04 CVE-2019-20820 An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference during the parsing of file data. Phantompdf, Reader 7.5
2020-06-04 CVE-2019-20816 An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference during the parsing of file data. Phantompdf 7.5
2021-01-07 CVE-2018-18688 The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also... Master_pdf_editor, Foxit_reader, Phantompdf, Nitro_pro, Nitro_reader, Pdf_editor_6, Pdfelement6, Libreoffice, Power_pdf_standard, Pdf_studio, Pdf_studio_viewer_2018, Perfect_pdf_10, Perfect_pdf_reader 5.3
2021-01-07 CVE-2018-20316 Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode. Phantompdf, Reader 8.1
2021-01-07 CVE-2018-20315 Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race condition that can cause a stack-based buffer overflow or an out-of-bounds read. Phantompdf, Reader 8.1
2021-01-07 CVE-2018-20309 Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyGetAppEdition race condition that can cause a stack-based buffer overflow or an out-of-bounds read. Phantompdf, Reader 8.1
2021-01-07 CVE-2018-20314 Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence race condition that can cause a stack-based buffer overflow or an out-of-bounds read. Phantompdf, Reader 8.1