CVEdetails.com the ultimate security vulnerability data source

Foxitsoftware » Phantompdf » * * * * : Security Vulnerabilities

CPE Name: cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:*:*:*
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-38574 89 Sql 2021-08-11 2021-08-12
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows SQL Injection via crafted data at the end of a string.
2 CVE-2021-38573 2021-08-11 2021-08-12
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because a CombineFiles pathname is not validated.
3 CVE-2021-38572 2021-08-11 2021-08-12
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because the extractPages pathname is not validated.
4 CVE-2021-38570 59 2021-08-11 2021-08-12
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink.
5 CVE-2021-38569 674 2021-08-11 2021-08-12
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects.
6 CVE-2021-38568 787 Mem. Corr. 2021-08-11 2022-05-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows memory corruption during conversion of a PDF document to a different document format.
7 CVE-2021-33795 755 2021-07-09 2021-07-12
4.3
None Remote Medium Not required None Partial None
Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorrect PDF document signatures because the certificate name, document owner, and signature author are mishandled.
8 CVE-2021-33794 2021-08-11 2021-08-12
6.4
None Remote Low Not required Partial None Partial
Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction.
9 CVE-2021-33793 787 2021-08-11 2021-08-12
7.5
None Remote Low Not required Partial Partial Partial
Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion.
10 CVE-2021-33792 787 2021-07-09 2021-07-12
6.8
None Remote Medium Not required Partial Partial Partial
Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write via a crafted /Size key in the Trailer dictionary.
11 CVE-2020-28203 476 DoS 2020-12-15 2020-12-16
4.3
None Remote Medium Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier. There is a null pointer access/dereference while opening a crafted PDF file, leading the application to crash (denial of service).
12 CVE-2020-26539 416 Exec Code +Info 2020-10-02 2020-10-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field dictionaries), a use-after-free can occur with resultant remote code execution (or an information leak).
13 CVE-2020-26538 Exec Code 2020-10-02 2021-07-21
4.4
None Local Medium Not required Partial Partial Partial
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory.
14 CVE-2020-26537 787 2020-10-02 2020-10-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write.
15 CVE-2020-26536 476 2020-10-02 2020-10-02
4.3
None Remote Medium Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer dereference via a crafted PDF document.
16 CVE-2020-26535 787 2020-10-02 2020-10-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation (and read access violation).
17 CVE-2020-26534 416 2020-10-02 2020-10-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution.
18 CVE-2020-13815 400 2020-06-04 2020-06-09
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference.
19 CVE-2020-13814 416 2020-06-04 2020-06-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary.
20 CVE-2020-13810 347 Bypass 2020-06-04 2020-06-09
5.0
None Remote Low Not required Partial None None
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation bypass via a modified file or a file with non-standard signatures.
21 CVE-2020-13809 400 2020-06-04 2020-06-04
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream.
22 CVE-2020-13808 400 2020-06-04 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data.
23 CVE-2020-13807 835 2020-06-04 2020-06-04
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference mishandling that causes a loop.
24 CVE-2020-13806 400 2020-06-04 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation.
25 CVE-2020-13805 307 2020-06-04 2020-06-04
5.0
None Remote Low Not required Partial None None
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures.
26 CVE-2020-13804 798 2020-06-04 2020-06-04
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin.
27 CVE-2019-20837 347 Bypass 2020-06-04 2020-06-05
5.0
None Remote Low Not required Partial None None
An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures.
28 CVE-2019-20836 200 +Info 2020-06-04 2020-06-05
5.0
None Remote Low Not required Partial None None
An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive.
29 CVE-2019-20835 2020-06-04 2020-06-05
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has homograph mishandling.
30 CVE-2019-20834 347 Bypass 2020-06-04 2020-06-09
5.0
None Remote Low Not required Partial None None
An issue was discovered in Foxit PhantomPDF before 8.3.10. It allows signature validation bypass via a modified file or a file with non-standard signatures.
31 CVE-2019-20833 522 2020-06-04 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive.
32 CVE-2019-20832 2020-06-04 2020-06-09
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Foxit PhantomPDF before 8.3.10. It has homograph mishandling.
33 CVE-2019-20830 787 2020-06-04 2020-06-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used.
34 CVE-2019-20829 476 2020-06-04 2020-06-05
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file.
35 CVE-2019-20828 120 Overflow 2020-06-04 2020-06-05
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.
36 CVE-2019-20825 787 2020-06-04 2020-06-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an out-of-bounds write when Internet Explorer is used.
37 CVE-2019-20824 476 2020-06-04 2020-06-09
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file.
38 CVE-2019-20823 120 Overflow 2020-06-04 2020-06-09
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.
39 CVE-2019-20820 476 2020-06-04 2021-02-03
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference during the parsing of file data.
40 CVE-2019-20819 400 2020-06-04 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing.
41 CVE-2019-20818 400 2020-06-04 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level.
42 CVE-2019-20817 476 2020-06-04 2020-06-04
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference.
43 CVE-2019-20816 476 2020-06-04 2021-02-03
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference during the parsing of file data.
44 CVE-2019-20815 400 2020-06-04 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing.
45 CVE-2019-20814 400 2020-06-04 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows memory consumption because data is created for each page of an application level.
46 CVE-2019-20813 476 2020-06-04 2020-06-04
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference.
47 CVE-2019-5145 416 Exec Code 2020-01-16 2022-06-13
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
48 CVE-2019-5131 416 Exec Code 2020-01-16 2022-06-13
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
49 CVE-2019-5130 416 Exec Code 2020-01-16 2022-06-14
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
50 CVE-2019-5126 416 Exec Code 2020-01-16 2022-06-17
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
Total number of vulnerabilities: 174 (page 1 of 4)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.