Vulnerabilities > Foxitsoftware

DATE CVE VULNERABILITY TITLE RISK
2021-01-07 CVE-2018-20310 Out-of-bounds Write vulnerability in Foxitsoftware Phantompdf
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
network
high complexity
foxitsoftware CWE-787
8.1
8.1
2021-01-07 CVE-2018-20309 Out-of-bounds Write vulnerability in Foxitsoftware Phantompdf
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyGetAppEdition race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
network
high complexity
foxitsoftware CWE-787
8.1
8.1
2021-01-07 CVE-2018-19418 Command Injection vulnerability in Foxitsoftware PDF Activex 5.5.0
Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the lack of a security permission control.
local
low complexity
foxitsoftware CWE-77
7.8
7.8
2020-12-31 CVE-2020-35931 Improper Check for Unusual or Exceptional Conditions vulnerability in Foxitsoftware Foxit Reader
An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS).
local
low complexity
foxitsoftware CWE-754
7.8
7.8
2020-12-22 CVE-2020-13547 Type Confusion vulnerability in Foxitsoftware Foxit Reader 10.0.0.37527
A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527.
network
low complexity
foxitsoftware CWE-843
8.8
8.8
2020-12-22 CVE-2020-13570 Use After Free vulnerability in Foxitsoftware Foxit Reader 10.1.0.37527
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527.
network
low complexity
foxitsoftware CWE-416
8.8
8.8
2020-12-22 CVE-2020-13560 Use After Free vulnerability in Foxitsoftware Foxit Reader 10.1.0.37527
A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527.
network
low complexity
foxitsoftware CWE-416
8.8
8.8
2020-12-22 CVE-2020-13557 Use After Free vulnerability in Foxitsoftware Foxit Reader 10.1.0.37527
A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527.
network
low complexity
foxitsoftware CWE-416
8.8
8.8
2020-12-15 CVE-2020-28203 NULL Pointer Dereference vulnerability in Foxitsoftware Foxit Reader
An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier.
local
low complexity
foxitsoftware CWE-476
5.5
5.5
2020-11-02 CVE-2020-14425 Unspecified vulnerability in Foxitsoftware Foxit Reader 9.7.1/9.7.1.29511/9.7.2.29539
Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API.
local
low complexity
foxitsoftware
7.8
7.8