Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Reader
(Foxitsoftware)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 259 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-01-07 | CVE-2018-20310 | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | Phantompdf, Reader | 8.1 | ||
| 2020-09-04 | CVE-2020-12247 | In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two parts. A crash may also occur. | Phantompdf, Reader | N/A | ||
| 2020-09-04 | CVE-2020-12248 | In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled. | Phantompdf, Reader | N/A | ||
| 2020-09-04 | CVE-2020-11493 | In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject. | Phantompdf, Reader | N/A | ||
| 2020-06-04 | CVE-2019-20827 | An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It allows stack consumption because of interaction between ICC-Based color space and Alternate color space. | Phantompdf, Reader | N/A | ||
| 2020-06-04 | CVE-2019-20826 | An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It has a NULL pointer dereference. | Phantompdf, Reader | N/A | ||
| 2020-06-04 | CVE-2018-21240 | An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. | Phantompdf, Reader | N/A | ||
| 2020-06-04 | CVE-2018-21239 | An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action. | Phantompdf, Reader | N/A | ||
| 2020-06-04 | CVE-2018-21236 | An issue was discovered in Foxit Reader before 2.4.4. It has a NULL pointer dereference. | Reader | N/A | ||
| 2020-06-04 | CVE-2019-20837 | An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures. | Phantompdf, Reader | N/A |