CVE-2021-41781 Foxit PDF Reader and Editor before 11.1 and PhantomPDF 10.1.6 allow attackers to trigger a use after free and execute arbitrary code.
CVE-2019-9274 Foxit has been notified that JavaScript in PhantomPDF before 10.1.6 and Foxit Reader before 11.1 allows a remote attacker to trigger a use-after-free and execute arbitrary code because the Foxit software does not properly handle objects in memory during script execution. Foxit has been notified that PhantomPDF before 10.1.6 and Foxit Reader before 11.1 allow a remote attacker to execute arbitrary code via a crafted PDF file because the PDF file does not properly handle JavaScript during script execution. Foxit has been notified that PhantomPDF before 10.1.6 and Foxit Reader before 11.1 allow a remote attacker to execute arbitrary code via a crafted PDF file because the PDF file does not properly handle JavaScript during script execution. Foxit has been notified that PhantomPDF before 10.1.6 and Foxit Reader before 11.1 allow a remote attacker to execute arbitrary code via a crafted PDF file because the PDF file does not properly handle JavaScript during script execution. - CVE-2019-9275 Foxit has been notified that PhantomPDF before 10.1.6 and Foxit Reader before 11.1 allow a remote attacker to execute arbitrary code via a crafted PDF file because the PDF file does not properly handle JavaScript during script execution. Foxit has been notified that PhantomPDF before 10.1.6 and Foxit Reader before 11.1 allow a remote attacker to execute arbitrary code via a crafted PDF file because the PDF file
References ^ https://www.foxitsoftware.com/security-bulletins/2019/CVE-2021-41781 ^ https://www.foxitsoftware.com/security-bulletins/2019/CVE-2018-63002 ^ https://www.foxitsoftware.com/security-bulletins/2019/CVE-2019-9274
Summary of the vulnerabilities
Foxit has been notified that PhantomPDF before 10.1.6 and Foxit Reader before 11.1 allow a remote attacker to execute arbitrary code via a crafted PDF file because the PDF file does not properly handle JavaScript during script execution. Foxit has been notified that PhantomPDF before 10.1.6 and Foxit Reader before 11.1 allow a remote attacker to execute arbitrary code via a crafted PDF file because the PDF file does not properly handle JavaScript during script execution.
Products Affected
Foxit Reader
Foxit Reader 11.1
PhantomPDF before 10.1.6
Vulnerability Details br br
A remote attacker can trigger a use-after-free and execute arbitrary code because the Foxit software does not properly handle objects in memory during script execution.
Foxit has been notified that PhantomPDF before 10.1.6 and Foxit Reader before 11.1 allow a remote attacker to execute arbitrary code via a crafted PDF file because the PDF file does not properly handle JavaScript during script execution.
Foxit has been notified that PhantomPDF before 10.1.6 and Foxit Reader before 11.1 allow a remote attacker to execute arbitrary code via a crafted PDF file because the PDF file does not properly handle JavaScript during script execution.
Timeline
Published on: 08/29/2022 05:15:00 UTC
Last modified on: 09/02/2022 13:17:00 UTC