Foxit Software
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Foxit Software product.
RSS Feeds for Foxit Software security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Foxit Software products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Foxit Software Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026 there have been 0 vulnerabilities in Foxit Software. Last year, in 2025 Foxit Software had 1 security vulnerability published. Right now, Foxit Software is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 0.00 |
| 2024 | 14 | 7.89 |
| 2023 | 8 | 8.68 |
| 2022 | 2 | 7.80 |
| 2021 | 29 | 8.67 |
| 2020 | 61 | 8.36 |
| 2019 | 8 | 8.80 |
| 2018 | 117 | 8.16 |
It may take a day or so for new Foxit Software vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Foxit Software Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2013-10068 | Aug 05, 2025 |
RCE Stack Buffer Overflow in Foxit Reader Plugin 2.2.1.530Foxit Reader Plugin version 2.2.1.530, bundled with Foxit Reader 5.4.4.11281, contains a stack-based buffer overflow vulnerability in the npFoxitReaderPlugin.dll module. When a PDF file is loaded from a remote host, an overly long query string in the URL can overflow a buffer, allowing remote attackers to execute arbitrary code. |
Foxit Reader
|
| CVE-2024-12751 | Dec 30, 2024 |
Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution VulnerabilityFoxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25344. |
Foxit Reader
|
| CVE-2024-12752 | Dec 30, 2024 |
Foxit PDF Reader AcroForm Memory Corruption RCEFoxit PDF Reader AcroForm Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25345. |
Foxit Reader
|
| CVE-2024-12753 | Dec 30, 2024 |
Foxit PDF Reader Installer Local Privilege Escalation via Junction CreationFoxit PDF Reader Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. By creating a junction, an attacker can abuse the installer process to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25408. |
Foxit Reader
|
| CVE-2024-47810 | Dec 18, 2024 |
Foxit Reader 3D Page Object Use-After-Free VulnerabilityA use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. |
Foxit Reader
|
| CVE-2024-49576 | Dec 18, 2024 |
Foxit Reader Use-After-Free Vulnerability in CBF_Widget ObjectA use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. |
Foxit Reader
|
| CVE-2024-9252 | Nov 22, 2024 |
Foxit PDF Reader AcroForm Use-After-Free Info DisclosureFoxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24491. |
Foxit Reader
|
| CVE-2024-28888 | Oct 02, 2024 |
UAF in Foxit Reader 2024.1.0.23997 Checkbox FieldA use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. |
Foxit Reader
|
| CVE-2024-7725 | Aug 21, 2024 |
Foxit PDF Reader AcroForm Use-After-Free RCEFoxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23928. |
Foxit Reader
|
| CVE-2021-34973 | May 07, 2024 |
Foxit PDF Reader Use-After-Free Info-Disclosure in PDF ParsingFoxit PDF Reader PDF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14968. |
Foxit Reader
|
| CVE-2021-34974 | May 07, 2024 |
Foxit PDF Reader UAF in Annotation Handling Enables Remote Code ExecutionFoxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15167. |
Foxit Reader
|
| CVE-2021-34976 | May 07, 2024 |
Foxit PDF Reader UAF CVE-2021-34976: Remote Info DisclosureFoxit PDF Reader PDF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14659. |
Foxit Reader
|
| CVE-2023-38113 | May 03, 2024 |
UAF in Annotation Objects Enables Info Disclosure in Foxit PDF ReaderFoxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21083. |
Foxit Reader
|
| CVE-2024-25648 | Apr 30, 2024 |
Foxit Reader 2024.1.0.23997 Use-After-Free in ComboBox WidgetA use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. |
Foxit Reader
|
| CVE-2024-25575 | Apr 30, 2024 |
Type Confusion in Foxit Reader 2024.1.0.23997 via JavaScript => Arbitrary ExecA type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. |
Foxit Reader
|
| CVE-2023-32616 | Nov 27, 2023 |
Foxit Reader 12.1.2.15356: UAF via 3D Annotation JSA use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. |
Foxit Reader
|
| CVE-2023-35985 | Nov 27, 2023 |
Foxit Reader 12.1.3.15356: File Creation via JS exportDataObject APIAn arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted malicious site if the browser plugin extension is enabled. |
Foxit Reader
|
| CVE-2023-38573 | Nov 27, 2023 |
UAOF in Foxit Reader 12.1.2.15356: Code Exec via Signature FieldA use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. |
Foxit Reader
|
| CVE-2023-39542 | Nov 27, 2023 |
Foxit Reader 12.1.3.15356 JS saveAs API RCEA code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. |
Foxit Reader
|
| CVE-2023-40194 | Nov 27, 2023 |
Foxit Reader 12.1.3.15356 JS API arbitrary file creation CVE-2023-40194An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. |
Foxit Reader
|
| CVE-2023-41257 | Nov 27, 2023 |
Foxit Reader 12.1.2.15356 Field Value Type Confusion Arbitrary Code ExecA type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. |
Foxit Reader
|
| CVE-2023-33876 | Jul 19, 2023 |
Use-after-free in Foxit Reader 12.1.2.15332 via PDF JS arbitrary code executionA use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. Specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. |
Foxit Reader
|
| CVE-2022-37391 | Mar 29, 2023 |
RCE in Foxit PDF Reader 11.2.2.53575 AcroForms (CVE-2022-37391)This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17661. |
Foxit Reader
|
| CVE-2022-43310 | Nov 09, 2022 |
Foxit Reader 11.2.118.51569 DLL Search Path Priv EscAn Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path. |
Foxit Reader
|
| CVE-2021-41785 | Aug 29, 2022 |
Foxit PDF Reader/Editor UAF via JS (before 11.1/10.1.6)Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. |
Foxit Reader
|
| CVE-2021-38565 | Aug 11, 2021 |
An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows writing to arbitrary files via submitForm. |
Pdf Editor
Pdf Reader
|
| CVE-2021-38572 | Aug 11, 2021 |
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because the extractPages pathname is not validated. |
Foxit Reader
Phantompdf
|
| CVE-2021-38570 | Aug 11, 2021 |
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink. |
Foxit Reader
Phantompdf
|
| CVE-2021-38574 | Aug 11, 2021 |
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows SQL Injection via crafted data at the end of a string. |
Foxit Reader
Phantompdf
|
| CVE-2021-38573 | Aug 11, 2021 |
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because a CombineFiles pathname is not validated. |
Foxit Reader
Phantompdf
|
| CVE-2021-38569 | Aug 11, 2021 |
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects. |
Foxit Reader
Phantompdf
|
| CVE-2021-38568 | Aug 11, 2021 |
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows memory corruption during conversion of a PDF document to a different document format. |
Foxit Reader
Phantompdf
|
| CVE-2021-38563 | Aug 11, 2021 |
An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It mishandles situations in which an array size (derived from a /Size entry) is smaller than the maximum indirect object number, and thus there is an attempted incorrect array access (leading to a NULL pointer dereference, or out-of-bounds read or write). |
Pdf Editor
Pdf Reader
|
| CVE-2021-38567 | Aug 11, 2021 |
An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Reader before 11.0.1 on macOSAn issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Reader before 11.0.1 on macOS. It mishandles missing dictionary entries, leading to a NULL pointer dereference, aka CNVD-C-2021-95204. |
Pdf Editor
Pdf Reader
|
| CVE-2021-38566 | Aug 11, 2021 |
An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows stack consumption during recursive processing of embedded XML nodes. |
Pdf Editor
Pdf Reader
|
| CVE-2021-38564 | Aug 11, 2021 |
An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows an out-of-bounds read via util.scand. |
Pdf Editor
Pdf Reader
|
| CVE-2021-33794 | Aug 11, 2021 |
Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction. |
Foxit Reader
Phantompdf
|
| CVE-2021-33793 | Aug 11, 2021 |
Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds writeFoxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion. |
Foxit Reader
Phantompdf
|
| CVE-2021-21893 | Aug 05, 2021 |
A use-after-free vulnerability exists in the JavaScript engine of Foxit Softwares PDF Reader, version 11.0.0.49893A use-after-free vulnerability exists in the JavaScript engine of Foxit Softwares PDF Reader, version 11.0.0.49893. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. |
Pdf Reader
|
| CVE-2021-21831 | Aug 05, 2021 |
A use-after-free vulnerability exists in the JavaScript engine of Foxit Softwares PDF Reader, version 10.1.3.37598A use-after-free vulnerability exists in the JavaScript engine of Foxit Softwares PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. |
Pdf Reader
|
| CVE-2021-21870 | Aug 05, 2021 |
A use-after-free vulnerability exists in the JavaScript engine of Foxit Softwares PDF Reader, version 10.1.4.37651A use-after-free vulnerability exists in the JavaScript engine of Foxit Softwares PDF Reader, version 10.1.4.37651. A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening a malicious file or site to trigger this vulnerability if the browser plugin extension is enabled. |
Pdf Reader
|
| CVE-2021-33795 | Jul 09, 2021 |
Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorrect PDF document signaturesFoxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorrect PDF document signatures because the certificate name, document owner, and signature author are mishandled. |
Foxit Reader
Phantompdf
|
| CVE-2021-33792 | Jul 09, 2021 |
Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds writeFoxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write via a crafted /Size key in the Trailer dictionary. |
Foxit Reader
Phantompdf
|
| CVE-2021-21822 | May 10, 2021 |
A use-after-free vulnerability exists in the JavaScript engine of Foxit Softwares PDF Reader, version 10.1.3.37598A use-after-free vulnerability exists in the JavaScript engine of Foxit Softwares PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening a malicious file or site to trigger this vulnerability if the browser plugin extension is enabled. |
Foxit Reader
|
| CVE-2020-13548 | Feb 10, 2021 |
In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memoryIn Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. |
Foxit Reader
|
| CVE-2020-17426 | Feb 09, 2021 |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CR2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11230. |
Foxit Studio Photo
|
| CVE-2018-20314 | Jan 07, 2021 |
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence race conditionFoxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence race condition that can cause a stack-based buffer overflow or an out-of-bounds read. |
Phantompdf
Reader
|
| CVE-2018-20313 | Jan 07, 2021 |
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction race conditionFoxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. |
Phantompdf
Reader
|
| CVE-2018-20315 | Jan 07, 2021 |
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race conditionFoxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race condition that can cause a stack-based buffer overflow or an out-of-bounds read. |
Phantompdf
Reader
|
| CVE-2018-20316 | Jan 07, 2021 |
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race conditionFoxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode. |
Phantompdf
Reader
|