Vulnerabilities > Foxitsoftware > Reader > 4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-07 | CVE-2018-20313 | Race Condition vulnerability in Foxitsoftware Phantompdf Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | 6.8 |
| 2021-01-07 | CVE-2018-20312 | Race Condition vulnerability in Foxitsoftware Phantompdf Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode. | 6.8 |
| 2021-01-07 | CVE-2018-20311 | Race Condition vulnerability in Foxitsoftware Phantompdf Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCPDFAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | 6.8 |
| 2021-01-07 | CVE-2018-20310 | Race Condition vulnerability in Foxitsoftware Phantompdf Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | 6.8 |
| 2021-01-07 | CVE-2018-20309 | Race Condition vulnerability in Foxitsoftware Phantompdf Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyGetAppEdition race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | 6.8 |
| 2020-09-04 | CVE-2020-12248 | Out-of-bounds Write vulnerability in Foxitsoftware Phantompdf In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled. | 6.8 |
| 2020-09-04 | CVE-2020-12247 | Out-of-bounds Read vulnerability in Foxitsoftware Phantompdf In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two parts. | 5.8 |
| 2020-09-04 | CVE-2020-11493 | Insufficient Verification of Data Authenticity vulnerability in Foxitsoftware Phantompdf In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject. | 5.8 |
| 2020-08-20 | CVE-2020-15638 | Type Confusion vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539. | 6.8 |
| 2020-08-20 | CVE-2020-15637 | Use After Free vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. | 4.3 |