Vulnerabilities
Vulnerable Software
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference during the parsing of file data.
CVSS Score: 7.5
EPSS Score: 0.0
Published: 2020-06-04
An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference.
CVSS Score: 7.5
EPSS Score: 0.0
Published: 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures.
CVSS Score: 9.8
EPSS Score: 0.0
Published: 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference mishandling that causes a loop.
CVSS Score: 7.5
EPSS Score: 0.0
Published: 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data.
CVSS Score: 7.5
EPSS Score: 0.0
Published: 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream.
CVSS Score: 7.5
EPSS Score: 0.0
Published: 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation bypass via a modified file or a file with non-standard signatures.
CVSS Score: 7.5
EPSS Score: 0.0
Published: 2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin.
CVSS Score: 9.8
EPSS Score: 0.0
Published: 2020-06-04
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-10461.
CVSS Score: 3.3
EPSS Score: 0.114
Published: 2020-04-22