Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Phantompdf
(Foxitsoftware)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 544 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-06-04 | CVE-2020-13808 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data. | Phantompdf, Reader | 7.5 | ||
| 2020-06-04 | CVE-2019-20814 | An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows memory consumption because data is created for each page of an application level. | Phantompdf | 7.5 | ||
| 2020-06-04 | CVE-2019-20815 | An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing. | Phantompdf | 7.5 | ||
| 2020-06-04 | CVE-2019-20818 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level. | Phantompdf, Reader | 7.5 | ||
| 2020-06-04 | CVE-2019-20819 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing. | Phantompdf, Reader | 7.5 | ||
| 2020-06-04 | CVE-2019-20833 | An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive. | Phantompdf | 7.5 | ||
| 2020-10-02 | CVE-2020-26538 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory. | Foxit_reader, Phantompdf | 7.8 | ||
| 2021-07-09 | CVE-2021-33792 | Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write via a crafted /Size key in the Trailer dictionary. | Foxit_reader, Phantompdf | 7.8 | ||
| 2021-07-09 | CVE-2021-33795 | Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorrect PDF document signatures because the certificate name, document owner, and signature author are mishandled. | Foxit_reader, Phantompdf | 5.5 | ||
| 2021-06-16 | CVE-2021-31476 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to... | Foxit_reader, Phantompdf | 7.8 |