Shodan
Vulnerabilities
Vulnerable Software
Foxitsoftware:  Security Vulnerabilities
CVE-2019-14208
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a NULL pointer dereference and crash when getting a PDF object from a document, or parsing a certain portfolio that contains a null dictionary.
CVSS Score
7.5
EPSS Score
0.0
Published
2019-07-21
CVE-2019-14209
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Heap Corruption due to data desynchrony when adding AcroForm.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-07-21
CVE-2019-14210
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Memory Corruption due to the use of an invalid pointer copy, resulting from a destructed string object.
CVSS Score
7.5
EPSS Score
0.0
Published
2019-07-21
CVE-2019-14211
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the lack of proper validation of the existence of an object prior to performing operations on that object when executing JavaScript.
CVSS Score
7.5
EPSS Score
0.0
Published
2019-07-21
CVE-2019-14212
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling certain XFA JavaScript due to the use of, or access to, a NULL pointer without proper validation on the object.
CVSS Score
7.5
EPSS Score
0.0
Published
2019-07-21
CVE-2019-14213
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the repeated release of the signature dictionary during CSG_SignatureF and CPDF_Document destruction.
CVSS Score
7.5
EPSS Score
0.001
Published
2019-07-21
CVE-2019-14214
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a JavaScript Denial of Service when deleting pages in a document that contains only one page by calling a "t.hidden = true" function.
CVSS Score
7.5
EPSS Score
0.0
Published
2019-07-21
CVE-2019-14215
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling xfa.event.rest XFA JavaScript due to accessing a wild pointer.
CVSS Score
7.5
EPSS Score
0.0
Published
2019-07-21
CVE-2018-19444
A use after free in the TextBox field Validate action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19452, this has a different free location and requires different JavaScript code for exploitation.
CVSS Score
7.8
EPSS Score
0.003
Published
2019-06-17
CVE-2018-19445
A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API app.launchURL is used. An attacker can leverage this to gain remote code execution.
CVSS Score
7.8
EPSS Score
0.005
Published
2019-06-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved