ReportizFlow
Filtered by vendor Foxitsoftware
Subscriptions
Total
837 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-5937 | 2 Foxit, Foxitsoftware | 4 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 1 more | 2026-04-29 | 5.5 Medium |
| Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate. | ||||
| CVE-2026-5938 | 2 Foxit, Foxitsoftware | 4 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 1 more | 2026-04-29 | 5.5 Medium |
| Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service. | ||||
| CVE-2026-5939 | 2 Foxit, Foxitsoftware | 4 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 1 more | 2026-04-29 | 5.5 Medium |
| A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution. | ||||
| CVE-2026-5940 | 2 Foxit, Foxitsoftware | 4 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 1 more | 2026-04-29 | 7.8 High |
| Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes. | ||||
| CVE-2026-5941 | 2 Foxit, Foxitsoftware | 4 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 1 more | 2026-04-29 | 7.8 High |
| Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction. | ||||
| CVE-2026-5942 | 2 Foxit, Foxitsoftware | 4 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 1 more | 2026-04-29 | 5.5 Medium |
| Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program. | ||||
| CVE-2026-5943 | 2 Foxit, Foxitsoftware | 4 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 1 more | 2026-04-29 | 7.8 High |
| Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information queries. | ||||
| CVE-2026-3779 | 4 Apple, Foxit, Foxitsoftware and 1 more | 6 Macos, Pdf Editor, Pdf Reader and 3 more | 2026-04-28 | 7.8 High |
| The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution. | ||||
| CVE-2026-3780 | 3 Foxit, Foxitsoftware, Microsoft | 5 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 2 more | 2026-04-28 | 7.3 High |
| The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the legitimate system files, resulting in local privilege escalation. | ||||
| CVE-2026-4947 | 2 Foxit, Foxitsoftware | 2 Esign, Na1.foxitesign.foxit.com | 2026-04-27 | 7.1 High |
| Addressed a potential insecure direct object reference (IDOR) vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially leading to forged signatures and compromising the integrity and authenticity of documents undergoing the signing process. The issue was caused by insufficient authorization validation on referenced resources during request processing. | ||||
| CVE-2008-1104 | 1 Foxitsoftware | 1 Foxit Reader | 2026-04-23 | N/A |
| Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file, related to the util.printf JavaScript function and floating point specifiers in format strings. | ||||
| CVE-2009-0690 | 1 Foxitsoftware | 2 Foxit Reader, Jpeg2000\/jbig2 Decoder Add-on | 2026-04-23 | N/A |
| The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a negative value for the stream offset in a JPEG2000 (aka JPX) stream, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an out-of-bounds read. | ||||
| CVE-2008-0151 | 1 Foxitsoftware | 1 Wac Server | 2026-04-23 | N/A |
| Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Telnet request with long options. | ||||
| CVE-2008-7031 | 1 Foxitsoftware | 1 Wac Server | 2026-04-23 | N/A |
| Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151. | ||||
| CVE-2008-7225 | 1 Foxitsoftware | 1 Wac Server | 2026-04-23 | N/A |
| Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151. | ||||
| CVE-2009-0191 | 1 Foxitsoftware | 1 Foxit Reader | 2026-04-23 | N/A |
| Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 3.0.2009.1301, does not properly handle a JBIG2 symbol dictionary segment with zero new symbols, which allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a dereference of an uninitialized memory location. | ||||
| CVE-2009-0836 | 1 Foxitsoftware | 1 Reader | 2026-04-23 | N/A |
| Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote attackers to execute arbitrary programs and have unspecified other impact via a crafted file, as demonstrated by the "Open/Execute a file" action. | ||||
| CVE-2009-0691 | 1 Foxitsoftware | 2 Foxit Reader, Jpeg2000 Jbig2 Decoder Add-on | 2026-04-23 | N/A |
| The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an invalid memory access. | ||||
| CVE-2026-1591 | 2 Foxit, Foxitsoftware | 2 Pdf Editor Cloud, Pdfonline | 2026-04-18 | 6.3 Medium |
| Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. This issue affects pdfonline.foxit.com: before 2026‑02‑03. | ||||
| CVE-2026-1592 | 2 Foxit, Foxitsoftware | 2 Pdf Editor Cloud, Pdfonline | 2026-04-18 | 6.3 Medium |
| Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before 2026‑02‑03. | ||||