Show filters
596 Total Results
Displaying 331-340 of 596
Sort by:
Attacker Value
Unknown

CVE-2018-17680

Disclosure Date: January 24, 2019 (last updated November 27, 2024)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the style property of a Field object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6915.
0
Attacker Value
Unknown

CVE-2019-5006

Disclosure Date: January 03, 2019 (last updated November 27, 2024)
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is a NULL pointer dereference during PDF parsing.
0
Attacker Value
Unknown

CVE-2019-5005

Disclosure Date: January 03, 2019 (last updated November 27, 2024)
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. They allowed Denial of Service (application crash) via image data, because two bytes are written to the end of the allocated memory without judging whether this will cause corruption.
0
Attacker Value
Unknown

CVE-2019-5007

Disclosure Date: January 03, 2019 (last updated November 27, 2024)
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing.
0
Attacker Value
Unknown

CVE-2018-19047

Disclosure Date: November 07, 2018 (last updated November 08, 2023)
mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maintainer disputes this, stating "If you allow users to pass HTML without sanitising it, you're asking for trouble.
0
Attacker Value
Unknown

CVE-2018-17618

Disclosure Date: October 29, 2018 (last updated November 27, 2024)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Selection Change events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6336.
0
Attacker Value
Unknown

CVE-2018-17616

Disclosure Date: October 29, 2018 (last updated November 27, 2024)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of onBlur events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6334.
0
Attacker Value
Unknown

CVE-2018-17615

Disclosure Date: October 29, 2018 (last updated November 27, 2024)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Mouse Exit events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6333.
0
Attacker Value
Unknown

CVE-2018-17623

Disclosure Date: October 29, 2018 (last updated November 27, 2024)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6434.
0
Attacker Value
Unknown

CVE-2018-17622

Disclosure Date: October 29, 2018 (last updated November 27, 2024)
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate events. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6354.