National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:foxitsoftware:phantompdf:2.2
There are 380 matching records.
Displaying matches 341 through 360.
Vuln ID Summary CVSS Severity
CVE-2018-10486

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the U3D Image Index. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5418.

Published: May 17, 2018; 11:29:00 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-10485

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within U3D Texture Height structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5412.

Published: May 17, 2018; 11:29:00 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-10484

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Node objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5411.

Published: May 17, 2018; 11:29:00 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-10483

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Clod Progressive Mesh objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5410.

Published: May 17, 2018; 11:29:00 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-10482

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the U3D Texture Image Format object. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5409.

Published: May 17, 2018; 11:29:00 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-10481

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D Texture Resource structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5408.

Published: May 17, 2018; 11:29:00 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-10480

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the U3D Node Name buffer. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5401.

Published: May 17, 2018; 11:29:00 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-10479

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Key Frame structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5399.

Published: May 17, 2018; 11:29:00 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-10478

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Texture Coord Dimensions objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5397.

Published: May 17, 2018; 11:29:00 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-10477

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Chain Index objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5396.

Published: May 17, 2018; 11:29:00 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-10476

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Model Node structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5395.

Published: May 17, 2018; 11:29:00 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-10475

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Light Node structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5394.

Published: May 17, 2018; 11:29:00 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-10474

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Shading objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5393.

Published: May 17, 2018; 11:29:00 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-10473

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D CLOD Base Mesh Continuation structures. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5392.

Published: May 17, 2018; 11:29:00 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-17557

In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to execute code in the context of the current process.

Published: April 24, 2018; 04:29:00 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-10303

A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3.

Published: April 23, 2018; 07:29:00 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-10302

A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-jyb51g3mv9.

Published: April 23, 2018; 03:29:00 PM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2016-6169

Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (memory corruption and application crash) or potentially execute arbitrary code via the Bezier data in a crafted PDF file.

Published: February 07, 2018; 12:29:00 PM -05:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2016-6168

Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a crafted PDF file.

Published: February 07, 2018; 12:29:00 PM -05:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-10994

Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document.

Published: July 07, 2017; 12:29:00 PM -04:00
V3.0: 7.3 HIGH
    V2: 9.3 HIGH