Phantompdf

phantompdf

Vendor: Foxitsoftware • 549 CVEs

CVEs (549)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-10474 1Foxitsoftware 2Foxit Reader Phantompdf Nov 21, 2024 May 17, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a mal...Show more This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Shading objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5393.Show less
CVE-2018-10473 1Foxitsoftware 2Foxit Reader Phantompdf Nov 21, 2024 May 17, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a mal...Show more This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D CLOD Base Mesh Continuation structures. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5392.Show less
CVE-2017-17557 1Foxitsoftware 2Foxit Reader Phantompdf Nov 21, 2024 Apr 24, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which c...Show more In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to execute code in the context of the current process.Show less
CVE-2018-10303 1Foxitsoftware 2Foxit Reader Phantompdf Nov 21, 2024 Apr 23, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3.
CVE-2018-10302 1Foxitsoftware 2Foxit Reader Phantompdf Nov 21, 2024 Apr 23, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-jyb51g3mv9.
CVE-2016-6169 1Foxitsoftware 2Foxit Reader Phantompdf Nov 21, 2024 Feb 7, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (memory corruption and application crash) or potentially execute arbitrary c...Show more Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (memory corruption and application crash) or potentially execute arbitrary code via the Bezier data in a crafted PDF file.Show less
CVE-2016-6168 1Foxitsoftware 2Foxit Reader Phantompdf Nov 21, 2024 Feb 7, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a crafted PDF file.
CVE-2017-10994 1Foxitsoftware 2Foxit Reader Phantompdf May 13, 2026 Jul 7, 2017 N/A· v4 7.3 HIGH· v3 9.3 HIGH· v2 Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document.
CVE-2017-8455 1Foxitsoftware 2Foxit Reader Phantompdf May 13, 2026 May 3, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.
CVE-2017-8454 1Foxitsoftware 2Foxit Reader Phantompdf May 13, 2026 May 3, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.
CVE-2017-8453 1Foxitsoftware 2Foxit Reader Phantompdf May 13, 2026 May 3, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.
CVE-2017-6883 1Foxitsoftware 2Foxit Reader Phantompdf May 13, 2026 Mar 14, 2017 N/A· v4 4.7 MEDIUM· v3 2.6 LOW· v2 The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash)...Show more The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image. The vulnerability could lead to information disclosure; an attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.Show less
CVE-2017-5556 1Foxitsoftware 2Foxit Reader Phantompdf May 13, 2026 Jan 23, 2017 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via...Show more The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. The vulnerability could lead to information disclosure; an attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.Show less
CVE-2016-8879 1Foxitsoftware 2Phantompdf Reader May 6, 2026 Oct 31, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via...Show more The thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted JPEG2000 image embedded in a PDF document, aka an "Exploitable - Heap Corruption" issue.Show less
CVE-2016-8878 1Foxitsoftware 2Phantompdf Reader May 6, 2026 Oct 31, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream...Show more Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka "Data from Faulting Address may be used as a return value starting at FOXITREADER."Show less
CVE-2016-8877 1Foxitsoftware 2Phantompdf Reader May 6, 2026 Oct 31, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted JPEG2000 image embedded in a PDF document, aka...Show more Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted JPEG2000 image embedded in a PDF document, aka a "corrupted suffix pattern" issue.Show less
CVE-2016-8876 1Foxitsoftware 2Phantompdf Reader May 6, 2026 Oct 31, 2016 N/A· v4 7.5 HIGH· v3 6.8 MEDIUM· v2 Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image embedded in the XFA stream...Show more Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image embedded in the XFA stream in a PDF document, aka "Read Access Violation starting at FoxitReader."Show less
CVE-2016-8875 1Foxitsoftware 2Phantompdf Reader May 6, 2026 Oct 31, 2016 N/A· v4 5.3 MEDIUM· v3 4.3 MEDIUM· v2 The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted...Show more The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image, aka "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ConvertToPDF_x86!CreateFXPDFConvertor."Show less
CVE-2016-4065 1Foxitsoftware 2Foxit Reader Phantompdf May 6, 2026 Apr 22, 2016 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafte...Show more The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted (1) JPEG, (2) GIF, or (3) BMP image.Show less
CVE-2016-4064 1Foxitsoftware 2Foxit Reader Phantompdf May 6, 2026 Apr 22, 2016 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call.

Previous 1...24 25 262728 Next