) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:foxitsoftware:phantompdf:6.0
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2016-8875 |
The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image, aka "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ConvertToPDF_x86!CreateFXPDFConvertor." Published: October 31, 2016; 6:59:10 AM -0400 |
V3.0: 5.3 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-4065 |
The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted (1) JPEG, (2) GIF, or (3) BMP image. Published: April 22, 2016; 11:59:06 AM -0400 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2016-4064 |
Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call. Published: April 22, 2016; 11:59:05 AM -0400 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2016-4063 |
Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document. Published: April 22, 2016; 11:59:04 AM -0400 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2016-4062 |
Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, which allows remote attackers to cause a denial of service (application hang) via a crafted PDF. Published: April 22, 2016; 11:59:03 AM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-4061 |
Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream. Published: April 22, 2016; 11:59:02 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2016-4060 |
Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to cause a denial of service (application crash) via unspecified vectors. Published: April 22, 2016; 11:59:01 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2016-4059 |
Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document. Published: April 22, 2016; 11:59:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2015-8580 |
Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary code via a crafted PDF document. Published: December 16, 2015; 4:59:12 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2015-3633 |
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures. Published: May 01, 2015; 11:59:12 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2015-3632 |
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file. Published: May 01, 2015; 11:59:10 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2015-2790 |
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image. Published: March 30, 2015; 10:59:10 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |