National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:foxitsoftware:foxit_reader:3.1.2.1013
There are 217 matching records.
Displaying matches 201 through 217.
Vuln ID Summary CVSS Severity
CVE-2017-6883

The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image. The vulnerability could lead to information disclosure; an attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.

Published: March 14, 2017; 05:59:00 AM -04:00
V3: 4.7 MEDIUM
V2: 2.6 LOW
CVE-2016-4065

The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted (1) JPEG, (2) GIF, or (3) BMP image.

Published: April 22, 2016; 11:59:06 AM -04:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2016-4064

Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call.

Published: April 22, 2016; 11:59:05 AM -04:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2016-4063

Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document.

Published: April 22, 2016; 11:59:04 AM -04:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2016-4062

Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, which allows remote attackers to cause a denial of service (application hang) via a crafted PDF.

Published: April 22, 2016; 11:59:03 AM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-4061

Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream.

Published: April 22, 2016; 11:59:02 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-4060

Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

Published: April 22, 2016; 11:59:01 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-4059

Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document.

Published: April 22, 2016; 11:59:00 AM -04:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2015-8580

Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary code via a crafted PDF document.

Published: December 16, 2015; 04:59:12 PM -05:00
V2: 6.8 MEDIUM
CVE-2015-3633

Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures.

Published: May 01, 2015; 11:59:12 AM -04:00
V2: 5.0 MEDIUM
CVE-2015-3632

Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file.

Published: May 01, 2015; 11:59:10 AM -04:00
V2: 4.3 MEDIUM
CVE-2015-2790

Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image.

Published: March 30, 2015; 10:59:10 AM -04:00
V2: 4.3 MEDIUM
CVE-2012-4337

Foxit Reader before 5.3 on Windows XP and Windows 7 allows remote attackers to execute arbitrary code via a PDF document with a crafted attachment that triggers calculation of a negative number during processing of cross references.

Published: August 23, 2012; 11:55:00 AM -04:00
V2: 9.3 HIGH
CVE-2011-3691

Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll, dwrite.dll, or msdrm.dll in the current working directory.

Published: September 27, 2011; 03:55:03 PM -04:00
V2: 9.3 HIGH
CVE-2011-1908

Integer overflow in the Type 1 font decoder in the FreeType engine in Foxit Reader before 4.0.0.0619 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font in a PDF document.

Published: June 24, 2011; 04:55:03 PM -04:00
V2: 9.3 HIGH
CVE-2011-0332

Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom before 2.3.3.1112 allows remote attackers to execute arbitrary code via crafted ICC chunks in a PDF file, which triggers a heap-based buffer overflow.

Published: February 25, 2011; 02:00:00 PM -05:00
V2: 9.3 HIGH
CVE-2010-1239

Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified "/Launch /Action" sequence, a related issue to CVE-2009-0836.

Published: April 05, 2010; 11:30:01 AM -04:00
V2: 9.3 HIGH