Phantompdf

phantompdf

Vendor: Foxitsoftware • 549 CVEs

CVEs (549)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-20819 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Jun 4, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing.
CVE-2019-20818 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Jun 4, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level.
CVE-2019-20817 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Jun 4, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference.
CVE-2019-20816 1Foxitsoftware 1Phantompdf Nov 21, 2024 Jun 4, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference during the parsing of file data.
CVE-2019-20815 1Foxitsoftware 1Phantompdf Nov 21, 2024 Jun 4, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing.
CVE-2019-20814 1Foxitsoftware 1Phantompdf Nov 21, 2024 Jun 4, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows memory consumption because data is created for each page of an application level.
CVE-2019-20813 1Foxitsoftware 1Phantompdf Nov 21, 2024 Jun 4, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference.
CVE-2020-13810 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Jun 4, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation bypass via a modified file or a file with non-standard signatures.
CVE-2020-13809 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Jun 4, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream.
CVE-2020-13808 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Jun 4, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data.
CVE-2020-13807 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Jun 4, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference mishandling that causes a loop.
CVE-2020-13806 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Jun 4, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation.
CVE-2020-13805 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Jun 4, 2020 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures.
CVE-2020-13804 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Jun 4, 2020 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin.
CVE-2020-13803 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Jun 4, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signature validation bypass via a modified file or a file with non-standard signatures.
CVE-2020-10913 1Foxitsoftware 2Foxit Reader Phantompdf Nov 21, 2024 Apr 22, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a m...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the OCRAndExportToExcel command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9946.Show less
CVE-2020-10912 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Apr 22, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a m...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the SetFieldValue command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9945.Show less
CVE-2020-10911 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Apr 22, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a m...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the GetFieldValue command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9944.Show less
CVE-2020-10910 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Apr 22, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a m...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the RotatePage command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9943.Show less
CVE-2020-10909 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 Apr 22, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a m...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AddWatermark command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9942.Show less

Previous 1...567...28 Next