Download
| Alert*
|
CVE-2019-14211
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the lack of proper validation of the existence of an object prior to performing operations on that object when executing JavaScript. CVE-2019-14210 An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Memory Corruption due to the use of an invalid pointer copy, resulting from a destructed string object. CVE-2019-14215 An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling xfa.event.rest XFA JavaScript due to accessing a wild pointer. CVE-2019-14214 An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a JavaScript Denial of Service when deleting pages in a document that contains only one page by calling a "t.hidden = true" function. CVE-2019-14213 An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the repeated release of the signature dictionary during CSG_SignatureF and CPDF_Document destruction. CVE-2019-14212 An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling certain XFA JavaScript due to the use of, or access to, a NULL pointer without proper validation on the object. CVE-2019-14208 An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a NULL pointer dereference and crash when getting a PDF object from a document, or parsing a certain portfolio that contains a null dictionary. CVE-2019-14207 An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling the clone function due to an endless loop resulting from confusing relationships between a child and parent object (caused by an append error). CVE-2019-14209 An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Heap Corruption due to data desynchrony when adding AcroForm. CVE-2019-5007 An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing. CVE-2019-5006 An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is a NULL pointer dereference during PDF parsing. CVE-2019-5005 An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. They allowed Denial of Service (application crash) via image data, because two bytes are written to the end of the allocated memory without judging whether this will cause corruption. |
