Filtered by vendor Foxitsoftware
Subscribe
Total
797 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8843 | 1 Foxitsoftware | 1 Foxit Reader | 2025-04-12 | 6.9 MEDIUM | 7.4 HIGH |
| The Foxit Cloud Update Service (FoxitCloudUpdateService) in Foxit Reader 6.1 through 6.2.x and 7.x before 7.2.2, when an update to the Cloud plugin is available, allows local users to gain privileges by writing crafted data to a shared memory region, which triggers memory corruption. | |||||
| CVE-2016-4062 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, which allows remote attackers to cause a denial of service (application hang) via a crafted PDF. | |||||
| CVE-2014-8074 | 1 Foxitsoftware | 1 Foxit Pdf Sdk Activex | 2025-04-12 | 6.8 MEDIUM | N/A |
| Buffer overflow in the SetLogFile method in Foxit.FoxitPDFSDKProCtrl.5 in Foxit PDF SDK ActiveX 2.3 through 5.0.1820 before 5.0.2.924 allows remote attackers to execute arbitrary code via a long string, related to global variables. | |||||
| CVE-2016-4063 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
| Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document. | |||||
| CVE-2015-8580 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary code via a crafted PDF document. | |||||
| CVE-2016-4065 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
| The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted (1) JPEG, (2) GIF, or (3) BMP image. | |||||
| CVE-2015-3633 | 1 Foxitsoftware | 3 Enterprise Reader, Foxit Reader, Phantompdf | 2025-04-12 | 5.0 MEDIUM | N/A |
| Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures. | |||||
| CVE-2016-8875 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2025-04-12 | 4.3 MEDIUM | 5.3 MEDIUM |
| The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image, aka "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ConvertToPDF_x86!CreateFXPDFConvertor." | |||||
| CVE-2016-8878 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka "Data from Faulting Address may be used as a return value starting at FOXITREADER." | |||||
| CVE-2016-4064 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
| Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call. | |||||
| CVE-2016-4061 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream. | |||||
| CVE-2014-6853 | 1 Foxitsoftware | 1 Foxit Mobilepdf - Pdf Reader | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Foxit MobilePDF - PDF Reader (aka com.foxit.mobile.pdf.lite) application 2.2.0.0616 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-8879 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| The thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted JPEG2000 image embedded in a PDF document, aka an "Exploitable - Heap Corruption" issue. | |||||
| CVE-2016-8856 | 1 Foxitsoftware | 1 Reader | 2025-04-12 | 4.6 MEDIUM | 7.8 HIGH |
| Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default, allowing an attacker to overwrite them with backdoor code, which when executed by privileged user would result in Privilege Escalation, Code Execution, or both. | |||||
| CVE-2016-4059 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
| Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document. | |||||
| CVE-2016-4060 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2012-4759 | 1 Foxitsoftware | 1 Foxit Reader | 2025-04-11 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in facebook_plugin.fpi in the Facebook plug-in in Foxit Reader 5.3.1.0606 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-3691 | 1 Foxitsoftware | 1 Foxit Reader | 2025-04-11 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll, dwrite.dll, or msdrm.dll in the current working directory. | |||||
| CVE-2013-0107 | 1 Foxitsoftware | 1 Foxit Advanced Pdf Editor | 2025-04-11 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in Foxit Advanced PDF Editor 3 before 3.04 might allow remote attackers to execute arbitrary code via a crafted document containing instructions that reconstruct a certain security cookie. | |||||
| CVE-2011-1908 | 1 Foxitsoftware | 1 Foxit Reader | 2025-04-11 | 9.3 HIGH | N/A |
| Integer overflow in the Type 1 font decoder in the FreeType engine in Foxit Reader before 4.0.0.0619 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font in a PDF document. | |||||