Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Phantompdf
(Foxitsoftware)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 544 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-12-31 | CVE-2020-35931 | An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subtype entry of the Annotation dictionary, in an incremental update. | Foxit_reader, Phantompdf | 7.8 | ||
| 2021-08-11 | CVE-2021-33793 | Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion. | Foxit_reader, Phantompdf | 9.8 | ||
| 2021-08-11 | CVE-2021-33794 | Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction. | Foxit_reader, Phantompdf | 9.1 | ||
| 2021-08-11 | CVE-2021-38569 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects. | Foxit_reader, Phantompdf | 7.5 | ||
| 2021-08-11 | CVE-2021-38571 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows DLL hijacking, aka CNVD-C-2021-68000 and CNVD-C-2021-68502. | Foxit_reader, Phantompdf | 7.8 | ||
| 2021-08-11 | CVE-2021-38570 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink. | Foxit_reader, Phantompdf | 9.1 | ||
| 2021-08-11 | CVE-2021-38572 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because the extractPages pathname is not validated. | Foxit_reader, Phantompdf | 9.8 | ||
| 2021-08-11 | CVE-2021-38574 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows SQL Injection via crafted data at the end of a string. | Foxit_reader, Phantompdf | 9.8 | ||
| 2021-08-11 | CVE-2021-38573 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because a CombineFiles pathname is not validated. | Foxit_reader, Phantompdf | 9.8 | ||
| 2020-06-04 | CVE-2020-13806 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation. | Phantompdf, Reader | 7.5 |