Foxitsoftware

Foxit Reader

377 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.4

CVE-2010-20010

Exploit
  • EPSS 0.02%
  • Published 20.08.2025 16:34:48
  • Last modified 22.08.2025 18:09:17

Foxit PDF Reader before 4.2.0.0928 does not properly bound-check the /Title entry in the PDF Info dictionary. A specially crafted PDF with an overlong Title string can overflow a fixed-size stack buffer, corrupt the Structured Exception Handler (SEH)...

8.4

CVE-2011-10030

Exploit
  • EPSS 0.02%
  • Published 20.08.2025 15:33:20
  • Last modified 22.08.2025 18:09:17

Foxit PDF Reader <  4.3.1.0218 exposes a JavaScript API function, createDataObject(), that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or s...

8.2

CVE-2024-29072

Exploit
  • EPSS 0.05%
  • Published 28.05.2024 14:15:12
  • Last modified 22.08.2025 16:03:32

A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which ...

8.8

CVE-2024-25575

Exploit
  • EPSS 2.74%
  • Published 30.04.2024 15:15:52
  • Last modified 22.08.2025 14:59:40

A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption ...

8.8

CVE-2024-25648

Exploit
  • EPSS 2.17%
  • Published 30.04.2024 15:15:52
  • Last modified 22.08.2025 14:59:29

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corru...

8.8

CVE-2023-41257

  • EPSS 0.01%
  • Published 27.11.2023 16:15:11
  • Last modified 21.11.2024 08:20:55

A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and re...

8.8

CVE-2023-38573

Exploit
  • EPSS 0.02%
  • Published 27.11.2023 16:15:10
  • Last modified 21.11.2024 08:13:51

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corrupt...

8.8

CVE-2023-39542

Exploit
  • EPSS 0.11%
  • Published 27.11.2023 16:15:10
  • Last modified 21.11.2024 08:15:38

A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening ...

8.8

CVE-2023-40194

Exploit
  • EPSS 0.02%
  • Published 27.11.2023 16:15:10
  • Last modified 21.11.2024 08:18:58

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can le...

8.8

CVE-2023-35985

Exploit
  • EPSS 0.25%
  • Published 27.11.2023 16:15:09
  • Last modified 21.11.2024 08:09:06

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary location...