CVE-2019-9274 Foxit has been notified that JavaScript in PhantomPDF before 10.1.6 and Foxit Reader before 11.1 allows a remote attacker to trigger a use-after-free and execute arbitrary code because the Foxit software does not properly handle objects in memory during script execution. Foxit has been notified that PhantomPDF before 10.1.6 and Foxit Reader before 11.1 allow a remote attacker to execute arbitrary code via a crafted PDF file because the PDF file does not properly handle JavaScript during script execution. Foxit has been notified that PhantomPDF before 10.1.6 and Foxit Reader before 11.1 allow a remote attacker to execute arbitrary code via a crafted PDF file because the PDF file does not properly handle JavaScript during script execution. Foxit has been notified that PhantomPDF before 10.1.6 and Foxit Reader before 11.1 allow a remote attacker to execute arbitrary code via a crafted PDF file because the PDF file does not properly handle JavaScript during script execution. - CVE-2019-9275 Foxit has been notified that PhantomPDF before 10.1.6 and Foxit Reader before 11.1 allow a remote attacker to execute arbitrary code via a crafted PDF file because the PDF file does not properly handle JavaScript during script execution. Foxit has been notified that PhantomPDF before 10.1.6 and Foxit Reader before 11.1 allow a remote attacker to execute arbitrary code via a crafted PDF file because the PDF file

References ^ https://www.foxitsoftware.com/security-bulletins/2019/CVE-2021-41781 ^ https://www.foxitsoftware.com/security-bulletins/2019/CVE-2018-63002 ^ https://www.foxitsoftware.com/security-bulletins/2019/CVE-2019-9274

Summary of the vulnerabilities

Foxit has been notified that PhantomPDF before 10.1.6 and Foxit Reader before 11.1 allow a remote attacker to execute arbitrary code via a crafted PDF file because the PDF file does not properly handle JavaScript during script execution. Foxit has been notified that PhantomPDF before 10.1.6 and Foxit Reader before 11.1 allow a remote attacker to execute arbitrary code via a crafted PDF file because the PDF file does not properly handle JavaScript during script execution.

Products Affected

Foxit Reader
Foxit Reader 11.1
PhantomPDF before 10.1.6

Vulnerability Details br br

A remote attacker can trigger a use-after-free and execute arbitrary code because the Foxit software does not properly handle objects in memory during script execution.
Foxit has been notified that PhantomPDF before 10.1.6 and Foxit Reader before 11.1 allow a remote attacker to execute arbitrary code via a crafted PDF file because the PDF file does not properly handle JavaScript during script execution.
Foxit has been notified that PhantomPDF before 10.1.6 and Foxit Reader before 11.1 allow a remote attacker to execute arbitrary code via a crafted PDF file because the PDF file does not properly handle JavaScript during script execution.

Timeline

Published on: 08/29/2022 05:15:00 UTC
Last modified on: 09/02/2022 13:17:00 UTC

References