A prompt response to software defects and security vulnerabilities has been, and will continue to be, a top priority for everyone here at Foxit Software. Even though threats are a fact of life, we are proud to support the most robust PDF solutions on the market. Here is information on some enhancements that make our software even more robust.
Please click here to report a potential security vulnerability.
Please click here to check security advisories.
Get notified of Foxit PDF Editor releases and security bulletins
Release date: October 18, 2024
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 12.1.6, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
12.1.5.55449 and all previous 12.x versions, 11.1.9.0524 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to a Privilege Escalation vulnerability during the deactivation or uninstallation if the application is reinstalled without prior uninstallation, which attackers could exploit to execute malicious actions. This occurs due to the inadequate permission setting for the “/usr/local/share/foxit” folder used during the installation so that low-privilege attackers can easily tamper with the script files in the directory. |
|
Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects or AcroForms, which attackers could exploit to execute remote code. This occurs as the application uses a wild pointer or an object that has been freed without proper validation, or fails to properly synchronize the annotation items when handling the Reply Note of an annotation using JavaScript. (CVE-2024-28888, CVE-2024-7725, CVE-2024-9254) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: October 18, 2024
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 11.1.10, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
11.1.9.0524 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects or AcroForms, which attackers could exploit to execute remote code. This occurs as the application uses a wild pointer or an object that has been freed without proper validation, or fails to properly synchronize the annotation items when handling the Reply Note of an annotation using JavaScript. (CVE-2024-28888, CVE-2024-7725, CVE-2024-9254) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: October 18, 2024
Platform: Windows
Summary
Foxit has released Foxit PDF Editor 11.2.11, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
11.2.10.53951 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote code or disclose information. This occurs as the application uses a wild pointer or an object that has been freed without proper validation, fails to properly synchronize the annotation items when handling the Reply Note of an annotation using JavaScript, or fails to correctly update the font cache after deleting a page. (CVE-2024-28888, CVE-2024-7722, CVE-2024-7723, CVE-2024-7724, CVE-2024-7725, CVE-2024-9243, CVE-2024-9246, CVE-2024-9250, CVE-2024-9252, CVE-2024-9253, CVE-2024-9251, CVE-2024-9254, CVE-2024-9255, CVE-2024-9256) |
|
Addressed potential issues where the application could be exposed to a Privilege Escalation vulnerability when performing an update or installing a plugin, which attackers could exploit to delete arbitrary files or execute arbitrary code so as to carry out privilege escalation attacks. This occurs due to the incorrect permission assignment on the resources used by the update service, improper signature validation and incomplete certificate check for the updater, weak randomness setting for the name of the temporary folder during a plugin installation, or improper DLL loading without using the built-in manifest file. (CVE-2024-9245, CVE-2024-9244, CVE-2024-38393, CVE-2024-48618) |
|
Addressed potential issues where the application could be exposed to an Out-of-Bounds Read/Write vulnerability and crash when parsing certain PDF files or handling certain Annotation objects, which attackers could exploit to execute remote code. This occurs as the application reads or writes data beyond the boundaries of an allocated object or buffer. (CVE-2024-9247, CVE-2024-9249, CVE-2024-9248) |
|
Addressed a potential issue where the application could be exposed to a Side-Loading vulnerability when performing an update, which attackers could exploit to run malicious payloads by replacing the update file with a malicious one. This occurs as the application fails to validate the integrity of the updater when running the update service. (CVE-2024-41605) |
|
Addressed a potential issue where the application could be exposed to a Null Pointer Dereference vulnerability and crash when scrolling certain PDF files with an abnormal StructTreeRoot dictionary entry, which attackers could exploit to launch a Denial of Service attack. This occurs due to the use of a null pointer without proper validation. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: September 29, 2024
Platform: Windows
Summary
Foxit has released Foxit PDF Editor 12.1.8, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
12.1.7.15526 and all previous 12.x versions, 11.2.10.53951 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote code or disclose information. This occurs as the application uses a wild pointer or an object that has been freed without proper validation, fails to properly synchronize the annotation items when handling the Reply Note of an annotation using JavaScript, or fails to correctly update the font cache after deleting a page. (CVE-2024-28888, CVE-2024-7722, CVE-2024-7723, CVE-2024-7724, CVE-2024-7725, CVE-2024-9243, CVE-2024-9246, CVE-2024-9250, CVE-2024-9252, CVE-2024-9253, CVE-2024-9251, CVE-2024-9254, CVE-2024-9255, CVE-2024-9256) |
|
Addressed potential issues where the application could be exposed to a Privilege Escalation vulnerability when performing an update or installing a plugin, which attackers could exploit to delete arbitrary files or execute arbitrary code so as to carry out privilege escalation attacks. This occurs due to the incorrect permission assignment on the resources used by the update service, improper signature validation and incomplete certificate check for the updater, weak randomness setting for the name of the temporary folder during a plugin installation, or improper DLL loading without using the built-in manifest file. (CVE-2024-9245, CVE-2024-9244, CVE-2024-38393, CVE-2024-48618) |
|
Addressed potential issues where the application could be exposed to an Out-of-Bounds Read/Write vulnerability and crash when parsing certain PDF files or handling certain Annotation objects, which attackers could exploit to execute remote code. This occurs as the application reads or writes data beyond the boundaries of an allocated object or buffer. (CVE-2024-9247, CVE-2024-9249, CVE-2024-9248) |
|
Addressed a potential issue where the application could be exposed to a Side-Loading vulnerability when performing an update, which attackers could exploit to run malicious payloads by replacing the update file with a malicious one. This occurs as the application fails to validate the integrity of the updater when running the update service. (CVE-2024-41605) |
|
Addressed a potential issue where the application could be exposed to a Null Pointer Dereference vulnerability and crash when scrolling certain PDF files with an abnormal StructTreeRoot dictionary entry, which attackers could exploit to launch a Denial of Service attack. This occurs due to the use of a null pointer without proper validation. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: September 26, 2024
Platform: Windows
Summary
Foxit has released Foxit PDF Reader 2024.3 and Foxit PDF Editor 2024.3, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Reader (previously named Foxit Reader) |
2024.2.3.25184 and earlier |
Windows |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
2024.2.3.25184 and all previous 2024.x versions, 2023.3.0.23028 and all previous 2023.x versions, 13.1.3.22478 and all previous 13.x versions, 12.1.7.15526 and all previous 12.x versions, 11.2.10.53951 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote code or disclose information. This occurs as the application uses a wild pointer or an object that has been freed without proper validation, fails to properly synchronize the annotation items when handling the Reply Note of an annotation using JavaScript, or fails to correctly update the font cache after deleting a page. (CVE-2024-28888, CVE-2024-9243, CVE-2024-9246, CVE-2024-9250, CVE-2024-9252, CVE-2024-9253, CVE-2024-9251, CVE-2024-9254, CVE-2024-9255, CVE-2024-9256) |
|
Addressed potential issues where the application could be exposed to a Privilege Escalation vulnerability when performing an update or installing a plugin, which attackers could exploit to delete arbitrary files or execute arbitrary code so as to carry out privilege escalation attacks. This occurs due to the incorrect permission assignment on the resources used by the update service, improper signature validation and incomplete certificate check for the updater, weak randomness setting for the name of the temporary folder during a plugin installation, or improper DLL loading without using the built-in manifest file. (CVE-2024-9245, CVE-2024-9244, CVE-2024-38393, CVE-2024-48618) |
|
Addressed potential issues where the application could be exposed to an Out-of-Bounds Read/Write vulnerability and crash when parsing certain PDF files or handling certain Annotation objects, which attackers could exploit to execute remote code. This occurs as the application reads or writes data beyond the boundaries of an allocated object or buffer. (CVE-2024-9247, CVE-2024-9249, CVE-2024-9248) |
|
Addressed a potential issue where the application could be exposed to a Side-Loading vulnerability when performing an update, which attackers could exploit to run malicious payloads by replacing the update file with a malicious one. This occurs as the application fails to validate the integrity of the updater when running the update service. (CVE-2024-41605) |
|
Addressed a potential issue where the application could be exposed to a Null Pointer Dereference vulnerability and crash when scrolling certain PDF files with an abnormal StructTreeRoot dictionary entry, which attackers could exploit to launch a Denial of Service attack. This occurs due to the use of a null pointer without proper validation. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: September 26, 2024
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 2024.3 and Foxit PDF Reader for Mac 2024.3, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
2024.2.3.64402 and all previous 2024.x versions, 2023.3.0.63083 and all previous 2023.x versions, 13.1.2.62201 and all previous 13.x versions, 12.1.5.55449 and all previous 12.x versions, 11.1.9.0524 and earlier |
macOS |
Foxit PDF Reader for Mac (previously named Foxit Reader Mac) |
2024.2.2.64388 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to a Privilege Escalation vulnerability during the deactivation or uninstallation if the application is reinstalled without prior uninstallation, which attackers could exploit to execute malicious actions. This occurs due to the inadequate permission setting for the “/usr/local/share/foxit” folder used during the installation so that low-privilege attackers can easily tamper with the script files in the directory. |
|
Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote code. This occurs as the application uses a wild pointer or an object that has been freed without proper validation, or fails to properly synchronize the annotation items when handling the Reply Note of an annotation using JavaScript. (CVE-2024-28888, CVE-2024-7725, CVE-2024-9243, CVE-2024-9254) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: September 26, 2024
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 13.1.4, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
13.1.2.62201 and all previous 13.x versions, 12.1.5.55449 and all previous 12.x versions, 11.1.9.0524 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to a Privilege Escalation vulnerability during the deactivation or uninstallation if the application is reinstalled without prior uninstallation, which attackers could exploit to execute malicious actions. This occurs due to the inadequate permission setting for the “/usr/local/share/foxit” folder used during the installation so that low-privilege attackers can easily tamper with the script files in the directory. |
|
Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote code. This occurs as the application uses a wild pointer or an object that has been freed without proper validation, or fails to properly synchronize the annotation items when handling the Reply Note of an annotation using JavaScript. (CVE-2024-28888, CVE-2024-7725, CVE-2024-9243, CVE-2024-9254) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: September 26, 2024
Platform: Windows
Summary
Foxit has released Foxit PDF Editor 13.1.4, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
13.1.3.22478 and all previous 13.x versions, 12.1.7.15526 and all previous 12.x versions, 11.2.10.53951 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote code or disclose information. This occurs as the application uses a wild pointer or an object that has been freed without proper validation, fails to properly synchronize the annotation items when handling the Reply Note of an annotation using JavaScript, or fails to correctly update the font cache after deleting a page. (CVE-2024-28888, CVE-2024-9243, CVE-2024-9246, CVE-2024-9250, CVE-2024-9252, CVE-2024-9253, CVE-2024-9251, CVE-2024-9254, CVE-2024-9255, CVE-2024-9256) |
|
Addressed potential issues where the application could be exposed to a Privilege Escalation vulnerability when performing an update or installing a plugin, which attackers could exploit to delete arbitrary files or execute arbitrary code so as to carry out privilege escalation attacks. This occurs due to the incorrect permission assignment on the resources used by the update service, improper signature validation and incomplete certificate check for the updater, weak randomness setting for the name of the temporary folder during a plugin installation, or improper DLL loading without using the built-in manifest file. (CVE-2024-9245, CVE-2024-9244, CVE-2024-38393, CVE-2024-48618) |
|
Addressed potential issues where the application could be exposed to an Out-of-Bounds Read/Write vulnerability and crash when parsing certain PDF files or handling certain Annotation objects, which attackers could exploit to execute remote code. This occurs as the application reads or writes data beyond the boundaries of an allocated object or buffer. (CVE-2024-9247, CVE-2024-9249, CVE-2024-9248) |
|
Addressed a potential issue where the application could be exposed to a Side-Loading vulnerability when performing an update, which attackers could exploit to run malicious payloads by replacing the update file with a malicious one. This occurs as the application fails to validate the integrity of the updater when running the update service. (CVE-2024-41605) |
|
Addressed a potential issue where the application could be exposed to a Null Pointer Dereference vulnerability and crash when scrolling certain PDF files with an abnormal StructTreeRoot dictionary entry, which attackers could exploit to launch a Denial of Service attack. This occurs due to the use of a null pointer without proper validation. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: August 4, 2024
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 2024.2.3, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
2024.2.2.64388, 2024.2.1.64379, 2024.2.0.64371, and 2024.1.0.63682 |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed an issue that causes partial redaction of information.
|
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date:
Foxit PDF Editor: August 3, 2024
Foxit PDF Reader: August 9, 2024
Platform: Windows
Summary
Foxit has released Foxit PDF Reader 2024.2.3 and Foxit PDF Editor 2024.2.3, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Reader (previously named Foxit Reader) |
2024.2.2.25170 and earlier |
Windows |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
2024.2.2.25170 and all previous 2024.x versions, 2023.3.0.23028 and all previous 2023.x versions, 13.1.2.22442 and all previous 13.x versions, 12.1.7.15526 and all previous 12.x versions, 11.2.10.53951 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain Doc objects or AcroForms, which attackers could exploit to execute remote code or disclose information. This occurs due to the use of a wild pointer or an object that has been freed without proper validation. (CVE-2024-7722, CVE-2024-7723, CVE-2024-7724, CVE-2024-7725) |
|
Addressed an issue that causes partial redaction of information.
|
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: August 3, 2024
Platform: Windows
Summary
Foxit has released Foxit PDF Editor 13.1.3, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
13.1.2.22442 and all previous 13.x versions, 12.1.7.15526 and all previous 12.x versions, 11.2.10.53951 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain Doc objects or AcroForms, which attackers could exploit to execute remote code or disclose information. This occurs due to the use of a wild pointer or an object that has been freed without proper validation. (CVE-2024-7722, CVE-2024-7723, CVE-2024-7724, CVE-2024-7725) |
|
Addressed an issue that causes partial redaction of information.
|
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: May 26, 2024
Platform: Windows
Summary
Foxit has released Foxit PDF Editor 12.1.7, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
12.1.6.15509 and all previous 12.x versions, 11.2.9.53938 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to hidden dangers lurking in common tools when opening certain PDFs that include the Launch File action, which attackers could exploit to deceive users into executing harmful commands. This appears in the security warning dialog box as it shows “OK” as the default selected option, which may cause users to habitually click “OK” without understanding the potential risks involved. |
|
Addressed potential issues where the application could be exposed to Time-of-Check Time-of-Use (TOCTOU) Race Condition or Privilege Escalation vulnerability when performing an update, which attackers could exploit to carry out privilege escalation attacks by replacing the update file with a malicious one. This occurs as the application fails to properly validate the certificate of the updater executable or fails to lock the permissions of the update file after certificate validation. (CVE-2024-29072) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: May 26, 2024
Platform: Windows
Summary
Foxit has released Foxit PDF Editor 11.2.10, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
11.2.9.53938 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to hidden dangers lurking in common tools when opening certain PDFs that include the Launch File action, which attackers could exploit to deceive users into executing harmful commands. This appears in the security warning dialog box as it shows “OK” as the default selected option, which may cause users to habitually click “OK” without understanding the potential risks involved. |
|
Addressed potential issues where the application could be exposed to Time-of-Check Time-of-Use (TOCTOU) Race Condition or Privilege Escalation vulnerability when performing an update, which attackers could exploit to carry out privilege escalation attacks by replacing the update file with a malicious one. This occurs as the application fails to properly validate the certificate of the updater executable or fails to lock the permissions of the update file after certificate validation. (CVE-2024-29072) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: May 25, 2024
Platform: Windows
Summary
Foxit has released Foxit PDF Editor 13.1.2, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
13.1.1.22432 and all previous 13.x versions, 12.1.6.15509 and all previous 12.x versions, 11.2.9.53938 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to hidden dangers lurking in common tools when opening certain PDFs that include the Launch File action, which attackers could exploit to deceive users into executing harmful commands. This appears in the security warning dialog box as it shows “OK” as the default selected option, which may cause users to habitually click “OK” without understanding the potential risks involved. |
|
Addressed potential issues where the application could be exposed to Time-of-Check Time-of-Use (TOCTOU) Race Condition or Privilege Escalation vulnerability when performing an update, which attackers could exploit to carry out privilege escalation attacks by replacing the update file with a malicious one. This occurs as the application fails to properly validate the certificate of the updater executable or fails to lock the permissions of the update file after certificate validation. (CVE-2024-29072) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: May 25, 2024
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 13.1.2, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
13.1.1.62190 and all previous 13.x versions, 12.1.4.55444 and all previous 12.x versions, 11.1.8.0513 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to hidden dangers lurking in common tools when opening certain PDFs that include the Launch File action, which attackers could exploit to deceive users into executing harmful commands. This appears in the security warning dialog box as it shows “OK” as the default selected option, which may cause users to habitually click “OK” without understanding the potential risks involved. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: May 25, 2024
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 12.1.5, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
12.1.4.55444 and all previous 12.x versions, 11.1.8.0513 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to hidden dangers lurking in common tools when opening certain PDFs that include the Launch File action, which attackers could exploit to deceive users into executing harmful commands. This appears in the security warning dialog box as it shows “OK” as the default selected option, which may cause users to habitually click “OK” without understanding the potential risks involved. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: May 25, 2024
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 11.1.9, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
11.1.8.0513 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to hidden dangers lurking in common tools when opening certain PDFs that include the Launch File action, which attackers could exploit to deceive users into executing harmful commands. This appears in the security warning dialog box as it shows “OK” as the default selected option, which may cause users to habitually click “OK” without understanding the potential risks involved. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: May 24, 2024
Platform: Windows
Summary
Foxit has released Foxit PDF Reader 2024.2.2 and Foxit PDF Editor 2024.2.2, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Reader (previously named Foxit Reader) |
2024.2.1.25153 and earlier |
Windows |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
2024.2.1.25153 and all previous 2024.x versions, 2023.3.0.23028 and all previous 2023.x versions, 13.1.1.22432 and all previous 13.x versions, 12.1.6.15509 and all previous 12.x versions, 11.2.9.53938 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to hidden dangers lurking in common tools when opening certain PDFs that include the Launch File action, which attackers could exploit to deceive users into executing harmful commands. This appears in the security warning dialog box as it shows “OK” as the default selected option, which may cause users to habitually click “OK” without understanding the potential risks involved. |
|
Addressed potential issues where the application could be exposed to Time-of-Check Time-of-Use (TOCTOU) Race Condition or Privilege Escalation vulnerability when performing an update, which attackers could exploit to carry out privilege escalation attacks by replacing the update file with a malicious one. This occurs as the application fails to properly validate the certificate of the updater executable or fails to lock the permissions of the update file after certificate validation. (CVE-2024-29072) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: May 24, 2024
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 2024.2.2 and Foxit PDF Reader for Mac 2024.2.2, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
2024.2.1.64379 and all previous 2024.x versions, 2023.3.0.63083 and all previous 2023.x versions, 13.1.1.62190 and all previous 13.x versions, 12.1.4.55444 and all previous 12.x versions, 11.1.8.0513 and earlier |
macOS |
Foxit PDF Reader for Mac (previously named Foxit Reader Mac) |
2024.2.1.64379 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to hidden dangers lurking in common tools when opening certain PDFs that include the Launch File action, which attackers could exploit to deceive users into executing harmful commands. This appears in the security warning dialog box as it shows “OK” as the default selected option, which may cause users to habitually click “OK” without understanding the potential risks involved. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: April 28, 2024
Platform: Windows
Summary
Foxit has released Foxit PDF Reader 2024.2 and Foxit PDF Editor 2024.2, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Reader (previously named Foxit Reader) |
2024.1.0.23997 and earlier |
Windows |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
2024.1.0.23997, 2023.3.0.23028 and all previous 2023.x versions, 13.0.1.21693 and all previous 13.x versions, 12.1.4.15400 and all previous 12.x versions, 11.2.8.53842 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to User-After-Free or Type Confusion vulnerability and crash when opening certain PDF files that contain JavaScripts, which attackers could exploit to execute arbitrary code. This occurs due to the use of object that has been deleted or freed without proper validation. (CVE-2024-25938, CVE-2024-25648, CVE-2024-25575) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: April 28, 2024
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 2024.2 and Foxit PDF Reader for Mac 2024.2, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
2024.1.0.63682, 2023.3.0.63083 and all previous 2023.x versions, 13.0.1.61866 and all previous 13.x versions, 12.1.2.55366 and all previous 12.x versions, 11.1.6.0109 and earlier |
macOS |
Foxit PDF Reader for Mac (previously named Foxit Reader Mac) |
2024.1.0.63682 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to User-After-Free vulnerability and crash when opening certain PDF files that contain JavaScripts, which attackers could exploit to execute arbitrary code. This occurs due to the use of object that has been deleted or freed without proper validation. (CVE-2024-25648) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: April 28, 2024
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 13.1, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
13.0.1.61866 and all previous 13.x versions, 12.1.2.55366 and all previous 12.x versions, 11.1.6.0109 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Use-After-Free, Out-of-Bounds Read, or Type Confusion vulnerability and crash when opening certain PDF files that contain JavaScripts or parsing certain Doc, Annotation, Signature, or AcroForm objects, which attackers could exploit to execute remote code. This occurs due to the use of the wild pointer, memory, or object that has been deleted or freed without proper validation. (CVE-2024-30324, CVE-2024-30327, CVE-2024-30328, CVE-2024-30331, CVE-2024-30336, CVE-2024-30342, CVE-2024-30343, CVE-2024-30344, CVE-2024-30345, CVE-2024-30346, CVE-2024-30351, CVE-2024-30357, CVE-2024-30348, CVE-2024-30363, CVE-2024-25938, CVE-2024-25648, CVE-2024-25575) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write vulnerability and crash when handing certain U3D files or Doc objects, which attackers could exploit to execute remote code or disclose information. This occurs as the application reads or writes data beyond the boundaries of an allocated object/buffer, or converts and uses the pointer that is discrepant with the object type. (CVE-2024-30361, CVE-2024-30362, CVE-2024-30354, CVE-2024-30365, CVE-2024-30366) |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash when playing multimedia in certain PDF files, which attackers could exploit to launch a denial of service. This occurs due to the use of null pointer without proper validation as the application fails to properly handle the situation where the canvas is set as zero in width and length or the “/S” dictionary entry for the rendition object has been modified. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: April 28, 2024
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 12.1.3, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
12.1.2.55366 and all previous 12.x versions, 11.1.6.0109 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Use-After-Free, Out-of-Bounds Read, or Type Confusion vulnerability and crash when opening certain PDF files that contain JavaScripts or parsing certain Doc, Annotation, Signature, or AcroForm objects, which attackers could exploit to execute remote code. This occurs due to the use of the wild pointer, memory, or object that has been deleted or freed without proper validation. (CVE-2024-30324, CVE-2024-30327, CVE-2024-30328, CVE-2024-30331, CVE-2024-30336, CVE-2024-30342, CVE-2024-30343, CVE-2024-30344, CVE-2024-30345, CVE-2024-30346, CVE-2024-30351, CVE-2024-30357, CVE-2024-30348, CVE-2024-30363, CVE-2024-25938, CVE-2024-25648, CVE-2024-25575) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write vulnerability and crash when handing certain U3D files or Doc objects, which attackers could exploit to execute remote code or disclose information. This occurs as the application reads or writes data beyond the boundaries of an allocated object/buffer, or converts and uses the pointer that is discrepant with the object type. (CVE-2024-30361, CVE-2024-30362, CVE-2024-30354, CVE-2024-30365, CVE-2024-30366) |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash when playing multimedia in certain PDF files, which attackers could exploit to launch a denial of service. This occurs due to the use of null pointer without proper validation as the application fails to properly handle the situation where the canvas is set as zero in width and length or the “/S” dictionary entry for the rendition object has been modified. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: April 28, 2024
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 11.1.7, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
11.1.6.0109 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Use-After-Free, Out-of-Bounds Read, or Type Confusion vulnerability and crash when opening certain PDF files that contain JavaScripts or parsing certain Doc, Annotation, Signature, or AcroForm objects, which attackers could exploit to execute remote code. This occurs due to the use of the wild pointer, memory, or object that has been deleted or freed without proper validation. (CVE-2024-30324, CVE-2024-30327, CVE-2024-30328, CVE-2024-30331, CVE-2024-30336, CVE-2024-30342, CVE-2024-30343, CVE-2024-30344, CVE-2024-30345, CVE-2024-30346, CVE-2024-30351, CVE-2024-30357, CVE-2024-30348, CVE-2024-30363, CVE-2024-25938, CVE-2024-25648, CVE-2024-25575) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write vulnerability and crash when handing certain U3D files or Doc objects, which attackers could exploit to execute remote code or disclose information. This occurs as the application reads or writes data beyond the boundaries of an allocated object/buffer, or converts and uses the pointer that is discrepant with the object type. (CVE-2024-30361, CVE-2024-30362, CVE-2024-30354, CVE-2024-30365, CVE-2024-30366) |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash when playing multimedia in certain PDF files, which attackers could exploit to launch a denial of service. This occurs due to the use of null pointer without proper validation as the application fails to properly handle the situation where the canvas is set as zero in width and length or the “/S” dictionary entry for the rendition object has been modified. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: April 28, 2024
Platform: Windows
Summary
Foxit has released Foxit PDF Editor 13.1, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor |
13.0.1.21693 and all previous 13.x versions, 12.1.4.15400 and all previous 12.x versions, 11.2.8.53842 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to User-After-Free or Type Confusion vulnerability and crash when opening certain PDF files that contain JavaScripts, which attackers could exploit to execute arbitrary code. This occurs due to the use of object that has been deleted or freed without proper validation. (CVE-2024-25938, CVE-2024-25648, CVE-2024-25575) |
|
Addressed a potential issue where the application could be exposed to Arbitrary Code Execution vulnerability when executing certain JavaScripts, which attackers could exploit to induce users to execute commands with malicious parameters. The application has optimized the prompt message to enable users to view the complete parameters before executing commands. (CVE-2024-25858) |
|
Addressed potential issues where the application could be exposed to Use-After-Free or Out-of-Bounds Read vulnerability and crash when parsing certain PDF files or handling certain Doc, Annotation, Signature, or AcroForm objects, which attackers could exploit to execute remote code or disclose information. This occurs due to the use of the wild pointer, memory, or object that has been deleted or freed without proper validation. (CVE-2024-30322, CVE-2024-30324, CVE-2024-30325, CVE-2024-30326, CVE-2024-30327, CVE-2024-30328, CVE-2024-30329, CVE-2024-30330, CVE-2024-30331, CVE-2024-30332, CVE-2024-30333, CVE-2024-30334, CVE-2024-30335, CVE-2024-30336, CVE-2024-30337, CVE-2024-30338, CVE-2024-30339, CVE-2024-30340, CVE-2024-30342, CVE-2024-30343, CVE-2024-30344, CVE-2024-30345, CVE-2024-30346, CVE-2024-30347, CVE-2024-30350, CVE-2024-30351, CVE-2024-30352, CVE-2024-30353, CVE-2024-30355, CVE-2024-30357, CVE-2024-30348, CVE-2024-30358, CVE-2024-30349, CVE-2024-30363, CVE-2024-30364, CVE-2024-30367, CVE-2024-30371) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write vulnerability and crash when handing certain U3D files, Doc objects, or 3D objects in AcroForms, which attackers could exploit to execute remote code or disclose information. This occurs as the application encounters an infinite loop when traversing objects in a circular reference, reads or writes data beyond the boundaries of an allocated object/buffer, or converts and uses the pointer that is discrepant with the object type. (CVE-2024-30323, CVE-2024-30360, CVE-2024-30361, CVE-2024-30362, CVE-2024-30341, CVE-2024-30354, CVE-2024-30359, CVE-2024-30365, CVE-2024-30366) |
|
Addressed a potential issue where the application could be exposed to Local Privilege Escalation vulnerability when checking for updates, which attackers could exploit to execute malicious DLL files. This occurs due to the weak permissions on the folder in which the update service is executed. (CVE-2024-32488) |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash when playing multimedia in certain PDF files, which attackers could exploit to launch a denial of service. This occurs due to the use of null pointer without proper validation as the application fails to properly handle the situation where the canvas is set as zero in width and length or the “/S” dictionary entry for the rendition object has been modified. |
|
Addressed a potential issue where the application could be exposed to Type Confusion vulnerability when handling certain Annotation objects, which attackers could exploit to execute remote code. This occurs as the application improperly handles the annotation object that contains a non-standard “DS” field in the annotation dictionary entry using a type that is incompatible with the intended type. (CVE-2024-30356) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: April 28, 2024
Platform: Windows
Summary
Foxit has released Foxit PDF Editor 12.1.5, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor |
12.1.4.15400 and all previous 12.x versions, 11.2.8.53842 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to User-After-Free or Type Confusion vulnerability and crash when opening certain PDF files that contain JavaScripts, which attackers could exploit to execute arbitrary code. This occurs due to the use of object that has been deleted or freed without proper validation. (CVE-2024-25938, CVE-2024-25648, CVE-2024-25575) |
|
Addressed a potential issue where the application could be exposed to Arbitrary Code Execution vulnerability when executing certain JavaScripts, which attackers could exploit to induce users to execute commands with malicious parameters. The application has optimized the prompt message to enable users to view the complete parameters before executing commands. (CVE-2024-25858) |
|
Addressed potential issues where the application could be exposed to Use-After-Free or Out-of-Bounds Read vulnerability and crash when parsing certain PDF files or handling certain Doc, Annotation, Signature, or AcroForm objects, which attackers could exploit to execute remote code or disclose information. This occurs due to the use of the wild pointer, memory, or object that has been deleted or freed without proper validation. (CVE-2024-30322, CVE-2024-30324, CVE-2024-30325, CVE-2024-30326, CVE-2024-30327, CVE-2024-30328, CVE-2024-30329, CVE-2024-30330, CVE-2024-30331, CVE-2024-30332, CVE-2024-30333, CVE-2024-30334, CVE-2024-30335, CVE-2024-30336, CVE-2024-30337, CVE-2024-30338, CVE-2024-30339, CVE-2024-30340, CVE-2024-30342, CVE-2024-30343, CVE-2024-30344, CVE-2024-30345, CVE-2024-30346, CVE-2024-30347, CVE-2024-30350, CVE-2024-30351, CVE-2024-30352, CVE-2024-30353, CVE-2024-30355, CVE-2024-30357, CVE-2024-30348, CVE-2024-30358, CVE-2024-30349, CVE-2024-30363, CVE-2024-30364, CVE-2024-30367, CVE-2024-30371) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write vulnerability and crash when handing certain U3D files, Doc objects, or 3D objects in AcroForms, which attackers could exploit to execute remote code or disclose information. This occurs as the application encounters an infinite loop when traversing objects in a circular reference, reads or writes data beyond the boundaries of an allocated object/buffer, or converts and uses the pointer that is discrepant with the object type. (CVE-2024-30323, CVE-2024-30360, CVE-2024-30361, CVE-2024-30362, CVE-2024-30341, CVE-2024-30354, CVE-2024-30359, CVE-2024-30365, CVE-2024-30366) |
|
Addressed a potential issue where the application could be exposed to Local Privilege Escalation vulnerability when checking for updates, which attackers could exploit to execute malicious DLL files. This occurs due to the weak permissions on the folder in which the update service is executed. (CVE-2024-32488) |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash when playing multimedia in certain PDF files, which attackers could exploit to launch a denial of service. This occurs due to the use of null pointer without proper validation as the application fails to properly handle the situation where the canvas is set as zero in width and length or the “/S” dictionary entry for the rendition object has been modified. |
|
Addressed a potential issue where the application could be exposed to Type Confusion vulnerability when handling certain Annotation objects, which attackers could exploit to execute remote code. This occurs as the application improperly handles the annotation object that contains a non-standard “DS” field in the annotation dictionary entry using a type that is incompatible with the intended type. (CVE-2024-30356) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: April 28, 2024
Platform: Windows
Summary
Foxit has released Foxit PDF Editor 11.2.9, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor |
11.2.8.53842 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to User-After-Free or Type Confusion vulnerability and crash when opening certain PDF files that contain JavaScripts, which attackers could exploit to execute arbitrary code. This occurs due to the use of object that has been deleted or freed without proper validation. (CVE-2024-25938, CVE-2024-25648, CVE-2024-25575) |
|
Addressed a potential issue where the application could be exposed to Arbitrary Code Execution vulnerability when executing certain JavaScripts, which attackers could exploit to induce users to execute commands with malicious parameters. The application has optimized the prompt message to enable users to view the complete parameters before executing commands. (CVE-2024-25858) |
|
Addressed potential issues where the application could be exposed to Use-After-Free or Out-of-Bounds Read vulnerability and crash when parsing certain PDF files or handling certain Doc, Annotation, Signature, or AcroForm objects, which attackers could exploit to execute remote code or disclose information. This occurs due to the use of the wild pointer, memory, or object that has been deleted or freed without proper validation. (CVE-2024-30322, CVE-2024-30324, CVE-2024-30325, CVE-2024-30326, CVE-2024-30327, CVE-2024-30328, CVE-2024-30329, CVE-2024-30330, CVE-2024-30331, CVE-2024-30332, CVE-2024-30333, CVE-2024-30334, CVE-2024-30335, CVE-2024-30336, CVE-2024-30337, CVE-2024-30338, CVE-2024-30339, CVE-2024-30340, CVE-2024-30342, CVE-2024-30343, CVE-2024-30344, CVE-2024-30345, CVE-2024-30346, CVE-2024-30347, CVE-2024-30350, CVE-2024-30351, CVE-2024-30352, CVE-2024-30353, CVE-2024-30355, CVE-2024-30357, CVE-2024-30348, CVE-2024-30358, CVE-2024-30349, CVE-2024-30363, CVE-2024-30364, CVE-2024-30367, CVE-2024-30371) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write vulnerability and crash when handing certain U3D files, Doc objects, or 3D objects in AcroForms, which attackers could exploit to execute remote code or disclose information. This occurs as the application encounters an infinite loop when traversing objects in a circular reference, reads or writes data beyond the boundaries of an allocated object/buffer, or converts and uses the pointer that is discrepant with the object type. (CVE-2024-30323, CVE-2024-30360, CVE-2024-30361, CVE-2024-30362, CVE-2024-30341, CVE-2024-30354, CVE-2024-30359, CVE-2024-30365, CVE-2024-30366) |
|
Addressed a potential issue where the application could be exposed to Local Privilege Escalation vulnerability when checking for updates, which attackers could exploit to execute malicious DLL files. This occurs due to the weak permissions on the folder in which the update service is executed. (CVE-2024-32488) |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash when playing multimedia in certain PDF files, which attackers could exploit to launch a denial of service. This occurs due to the use of null pointer without proper validation as the application fails to properly handle the situation where the canvas is set as zero in width and length or the “/S” dictionary entry for the rendition object has been modified. |
|
Addressed a potential issue where the application could be exposed to Type Confusion vulnerability when handling certain Annotation objects, which attackers could exploit to execute remote code. This occurs as the application improperly handles the annotation object that contains a non-standard “DS” field in the annotation dictionary entry using a type that is incompatible with the intended type. (CVE-2024-30356) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: March 5, 2024
Platform: Windows
Summary
Foxit has released Foxit PDF Reader 2024.1 and Foxit PDF Editor 2024.1, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Reader (previously named Foxit Reader) |
2023.3.0.23028 and earlier |
Windows |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
2023.3.0.23028 and all previous 2023.x versions, 13.0.1.21693 and all previous 13.x versions, 12.1.4.15400 and all previous 12.x versions, 11.2.8.53842 and all previous 11.x versions, 10.1.12.37872 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Arbitrary Code Execution vulnerability when executing certain JavaScripts, which attackers could exploit to induce users to execute commands with malicious parameters. The application has optimized the prompt message to enable users to view the complete parameters before executing commands. (CVE-2024-25858) |
|
Addressed potential issues where the application could be exposed to Use-After-Free or Out-of-Bounds Read vulnerability and crash when parsing certain PDF files or handling certain Doc, Annotation, Signature, or AcroForm objects, which attackers could exploit to execute remote code or disclose information. This occurs due to the use of the wild pointer, memory, or object that has been deleted or freed without proper validation. (CVE-2024-30322, CVE-2024-30324, CVE-2024-30325, CVE-2024-30326, CVE-2024-30327, CVE-2024-30328, CVE-2024-30329, CVE-2024-30330, CVE-2024-30331, CVE-2024-30332, CVE-2024-30333, CVE-2024-30334, CVE-2024-30335, CVE-2024-30336, CVE-2024-30337, CVE-2024-30338, CVE-2024-30339, CVE-2024-30340, CVE-2024-30342, CVE-2024-30343, CVE-2024-30344, CVE-2024-30345, CVE-2024-30346, CVE-2024-30347, CVE-2024-30350, CVE-2024-30351, CVE-2024-30352, CVE-2024-30353, CVE-2024-30355, CVE-2024-30357, CVE-2024-30348, CVE-2024-30358, CVE-2024-30349, CVE-2024-30363, CVE-2024-30364, CVE-2024-30367, CVE-2024-30371) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write vulnerability and crash when handing certain U3D files, Doc objects, or 3D objects in AcroForms, which attackers could exploit to execute remote code or disclose information. This occurs as the application encounters an infinite loop when traversing objects in a circular reference, reads or writes data beyond the boundaries of an allocated object/buffer, or converts and uses the pointer that is discrepant with the object type. (CVE-2024-30323, CVE-2024-30360, CVE-2024-30361, CVE-2024-30362, CVE-2024-30341, CVE-2024-30354, CVE-2024-30359, CVE-2024-30365, CVE-2024-30366) |
|
Addressed a potential issue where the application could be exposed to Local Privilege Escalation vulnerability when checking for updates, which attackers could exploit to execute malicious DLL files. This occurs due to the weak permissions on the folder in which the update service is executed. (CVE-2024-32488) |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash when playing multimedia in certain PDF files, which attackers could exploit to launch a denial of service. This occurs due to the use of null pointer without proper validation as the application fails to properly handle the situation where the canvas is set as zero in width and length or the “/S” dictionary entry for the rendition object has been modified. |
|
Addressed a potential issue where the application could be exposed to Type Confusion vulnerability when handling certain Annotation objects, which attackers could exploit to execute remote code. This occurs as the application improperly handles the annotation object that contains a non-standard “DS” field in the annotation dictionary entry using a type that is incompatible with the intended type. (CVE-2024-30356) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: March 5, 2024
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 2024.1 and Foxit PDF Reader for Mac 2024.1, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
2023.3.0.63083 and all previous 2023.x versions, 13.0.1.61866 and all previous 13.x versions, 12.1.2.55366 and all previous 12.x versions, 11.1.6.0109 and earlier |
macOS |
Foxit PDF Reader for Mac (previously named Foxit Reader Mac) |
2023.3.0.63083 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Use-After-Free or Out-of-Bounds Read vulnerability and crash when parsing certain Doc, Annotation, Signature, or AcroForm objects, which attackers could exploit to execute remote code. This occurs due to the use of the wild pointer, memory, or object that has been deleted or freed without proper validation. (CVE-2024-30324, CVE-2024-30327, CVE-2024-30328, CVE-2024-30331, CVE-2024-30336, CVE-2024-30342, CVE-2024-30343, CVE-2024-30344, CVE-2024-30345, CVE-2024-30346, CVE-2024-30351, CVE-2024-30357, CVE-2024-30348, CVE-2024-30363) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write vulnerability and crash when handing certain U3D files or Doc objects, which attackers could exploit to execute remote code or disclose information. This occurs as the application reads or writes data beyond the boundaries of an allocated object/buffer, or converts and uses the pointer that is discrepant with the object type. (CVE-2024-30361, CVE-2024-30362, CVE-2024-30354, CVE-2024-30365, CVE-2024-30366) |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash when playing multimedia in certain PDF files, which attackers could exploit to launch a denial of service. This occurs due to the use of null pointer without proper validation as the application fails to properly handle the situation where the canvas is set as zero in width and length or the “/S” dictionary entry for the rendition object has been modified. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: January 22, 2024
Platform: Windows
Summary
Foxit has released Foxit PDF Editor 12.1.4, which addresses potential security and stability issues
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor |
12.1.3.15356 and all previous 12.x versions, 11.2.7.53812 and all previous 11.x versions, 10.1.12.37872 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Use-After-Free, Out-of-Bounds Read, or Type Confusion vulnerability and crash when handling certain Doc, Graphic, Signature, Bookmark, or 3D annotation objects, which could be exploited by attackers to execute remote code or disclose information. This occurs due to the use of null pointer, wild pointer, or object that has been deleted or freed without proper validation. (CVE-2023-51549, CVE-2023-51550, CVE-2023-51552, CVE-2023-51554, CVE-2023-51553, CVE-2023-32616, CVE-2023-41257, CVE-2023-38573, CVE-2023-51555, CVE-2023-51556, CVE-2023-51557, CVE-2023-51558, CVE-2023-51559, CVE-2023-51551, CVE-2023-51562) |
|
Addressed potential issues where the application could be exposed to Arbitrary File Creation vulnerability, which could be exploited by attackers to execute arbitrary code. This occurs as the application directly opens the executable files due to the failure to properly identify the file type that is disallowed to be opened when handling the exportDataObject method of the Doc object. (CVE-2023-40194, CVE-2023-35985) |
|
Addressed potential issues where the application could be exposed to Use-After-Free or Out-of-Bounds Write vulnerability and crash, which could be exploited by attackers to execute arbitrary code. This occurs due to the GDI memory overflow as the application fails to properly handle the user inputs. |
|
Addressed a potential issue where the application could be exposed to Arbitrary File Execution vulnerability when opening certain PDF files that include the OpenAction method using the relative path with path spoofing techniques, which could be exploited by attackers to deceive users to execute commands to spread malicious code. The application has optimized the Launch File process, including getting the absolute path, restricting the execution of files whose file path exceeds 260 characters, and enlarging the window to display the full path (within 260 characters) of the file to be executed. |
|
Addressed a potential issue where the application could be exposed to Type Confusion vulnerability and crash when handling certain Annotation objects, which could be exploited by attackers to execute remote code. This occurs due to the access of illegal memory as the application casts the pointers of different types without inheritance relation and uses them without proper validation. (CVE-2023-51560) |
|
Addressed potential issues where the application could be exposed to Use-After-Free vulnerability and crash when handling certain JavaScripts, which could be exploited by attackers to execute remote code or disclose information. This occurs due to the inconsistency between the exported values and appearance values as the application fails to properly handle the radio button component that is missing the Appearance Dictionary, or due to the use of deleted objects without proper validation. (CVE-2023-42089, CVE-2023-42090, CVE-2023-42091, CVE-2023-42092, CVE-2023-42093, CVE-2023-42094, CVE-2023-42095, CVE-2023-42096, CVE-2023-42097, CVE-2023-42098) |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash, which could be exploited by attackers to launch a Denial of Service attack. This occurs as the application fails to properly validate the indirectly obtained objects or empty values returned by certain interfaces when handling the bookmarks or text annotations in certain PDFs. |
|
Addressed a potential issue where the application could be exposed to Remote Code Execution vulnerability when handling certain JavaScripts. This occurs as the application fails to validate the cPath parameter in the saveAs method and is thus forced to write to the Startup folder with an .hta file that can execute arbitrary code after a restart. (CVE-2023-39542) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: January 22, 2024
Platform: Windows
Summary
Foxit has released Foxit PDF Editor 11.2.8, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor |
11.2.7.53812 and all previous 11.x versions, 10.1.12.37872 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Use-After-Free, Out-of-Bounds Read, or Type Confusion vulnerability and crash when handling certain Doc, Graphic, Signature, Bookmark, or 3D annotation objects, which could be exploited by attackers to execute remote code or disclose information. This occurs due to the use of null pointer, wild pointer, or object that has been deleted or freed without proper validation. (CVE-2023-51549, CVE-2023-51550, CVE-2023-51552, CVE-2023-51554, CVE-2023-51553, CVE-2023-32616, CVE-2023-41257, CVE-2023-38573, CVE-2023-51555, CVE-2023-51556, CVE-2023-51557, CVE-2023-51558, CVE-2023-51559, CVE-2023-51551, CVE-2023-51562) |
|
Addressed potential issues where the application could be exposed to Arbitrary File Creation vulnerability, which could be exploited by attackers to execute arbitrary code. This occurs as the application directly opens the executable files due to the failure to properly identify the file type that is disallowed to be opened when handling the exportDataObject method of the Doc object. (CVE-2023-40194, CVE-2023-35985) |
|
Addressed potential issues where the application could be exposed to Use-After-Free or Out-of-Bounds Write vulnerability and crash, which could be exploited by attackers to execute arbitrary code. This occurs due to the GDI memory overflow as the application fails to properly handle the user inputs. |
|
Addressed a potential issue where the application could be exposed to Arbitrary File Execution vulnerability when opening certain PDF files that include the OpenAction method using the relative path with path spoofing techniques, which could be exploited by attackers to deceive users to execute commands to spread malicious code. The application has optimized the Launch File process, including getting the absolute path, restricting the execution of files whose file path exceeds 260 characters, and enlarging the window to display the full path (within 260 characters) of the file to be executed. |
|
Addressed a potential issue where the application could be exposed to Type Confusion vulnerability and crash when handling certain Annotation objects, which could be exploited by attackers to execute remote code. This occurs due to the access of illegal memory as the application casts the pointers of different types without inheritance relation and uses them without proper validation. (CVE-2023-51560) |
|
Addressed potential issues where the application could be exposed to Use-After-Free vulnerability and crash when handling certain JavaScripts, which could be exploited by attackers to execute remote code or disclose information. This occurs due to the inconsistency between the exported values and appearance values as the application fails to properly handle the radio button component that is missing the Appearance Dictionary, or due to the use of deleted objects without proper validation. (CVE-2023-42089, CVE-2023-42090, CVE-2023-42091, CVE-2023-42092, CVE-2023-42093, CVE-2023-42094, CVE-2023-42095, CVE-2023-42096, CVE-2023-42097, CVE-2023-42098) |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash, which could be exploited by attackers to launch a Denial of Service attack. This occurs as the application fails to properly validate the indirectly obtained objects or empty values returned by certain interfaces when handling the bookmarks or text annotations in certain PDFs. |
|
Addressed a potential issue where the application could be exposed to Remote Code Execution vulnerability when handling certain JavaScripts. This occurs as the application fails to validate the cPath parameter in the saveAs method and is thus forced to write to the Startup folder with an .hta file that can execute arbitrary code after a restart. (CVE-2023-39542) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: January 17, 2024
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 12.1.2, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
12.1.1.55342 and all previous 12.x versions, 11.1.5.0913 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Use-After-Free or Out-of-Bounds Read vulnerability and crash when handling certain Doc, Graphic, Signature, or Bookmark objects, which could be exploited by attackers to execute remote code or disclose information. This occurs due to the use of null pointer or object that has been deleted or freed without proper validation. (CVE-2023-51554, CVE-2023-51553, CVE-2023-51555, CVE-2023-51559, CVE-2023-51551, CVE-2023-42089, CVE-2023-51550, CVE-2023-51562) |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash, which could be exploited by attackers to launch a Denial of Service attack. This occurs as the application fails to properly validate the empty values returned by certain interfaces when handling the text annotations in certain PDFs. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: January 17, 2024
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 11.1.6, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
11.1.5.0913 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Use-After-Free or Out-of-Bounds Read vulnerability and crash when handling certain Doc, Graphic, Signature, or Bookmark objects, which could be exploited by attackers to execute remote code or disclose information. This occurs due to the use of null pointer or object that has been deleted or freed without proper validation. (CVE-2023-51554, CVE-2023-51553, CVE-2023-51555, CVE-2023-51559, CVE-2023-51551, CVE-2023-42089, CVE-2023-51550, CVE-2023-51562) |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash, which could be exploited by attackers to launch a Denial of Service attack. This occurs as the application fails to properly validate the empty values returned by certain interfaces when handling the text annotations in certain PDFs. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: November 22, 2023
Platform: Windows
Summary
Foxit has released Foxit PDF Reader 2023.3 and Foxit PDF Editor 2023.3, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Reader (previously named Foxit Reader) |
2023.2.0.21408 and earlier |
Windows |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
2023.2.0.21408, 2023.1.0.15510, 13.0.0.21632, 12.1.3.15356 and all previous 12.x versions, 11.2.7.53812 and all previous 11.x versions, 10.1.12.37872 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Use-After-Free, Out-of-Bounds Read, or Type Confusion vulnerability and crash when handling certain Doc, Graphic, Signature, Bookmark, or 3D annotation objects, which could be exploited by attackers to execute remote code or disclose information. This occurs due to the use of null pointer, wild pointer, or object that has been deleted or freed without proper validation. (CVE-2023-51549, CVE-2023-51550, CVE-2023-51552, CVE-2023-51554, CVE-2023-51553, CVE-2023-32616, CVE-2023-41257, CVE-2023-38573, CVE-2023-51555, CVE-2023-51556, CVE-2023-51557, CVE-2023-51558, CVE-2023-51559, CVE-2023-51551, CVE-2023-51562) |
|
Addressed potential issues where the application could be exposed to Arbitrary File Creation vulnerability, which could be exploited by attackers to execute arbitrary code. This occurs as the application directly opens the executable files due to the failure to properly identify the file type that is disallowed to be opened when handling the exportDataObject method of the Doc object. (CVE-2023-40194, CVE-2023-35985) |
|
Addressed potential issues where the application could be exposed to Use-After-Free or Out-of-Bounds Write vulnerability and crash, which could be exploited by attackers to execute arbitrary code. This occurs due to the GDI memory overflow as the application fails to properly handle the user inputs. |
|
Addressed a potential issue where the application could be exposed to Arbitrary File Execution vulnerability when opening certain PDF files that include the OpenAction method using the relative path with path spoofing techniques, which could be exploited by attackers to deceive users to execute commands to spread malicious code. The application has optimized the Launch File process, including getting the absolute path, restricting the execution of files whose file path exceeds 260 characters, and enlarging the window to display the full path (within 260 characters) of the file to be executed. |
|
Addressed a potential issue where the application could be exposed to Type Confusion vulnerability and crash when handling certain Annotation objects, which could be exploited by attackers to execute remote code. This occurs due to the access of illegal memory as the application casts the pointers of different types without inheritance relation and uses them without proper validation. (CVE-2023-51560) |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read vulnerability, which could be exploited by attackers to disclose information. This occurs as the application fails to properly initialize the allocated pointer when parsing certain PDF files. (CVE-2023-51561) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: November 22, 2023
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 2023.3 and Foxit PDF Reader for Mac 2023.3, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
2023.2.0.61611, 2023.1.0.55583, 13.0.0.61829, 12.1.1.55342 and all previous 12.x versions, 11.1.5.0913 and earlier |
macOS |
Foxit PDF Reader for Mac (previously named Foxit Reader Mac) |
2023.2.0.61611 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Use-After-Free or Out-of-Bounds Read vulnerability and crash when handling certain Doc, Graphic, Signature, or Bookmark objects, which could be exploited by attackers to execute remote code or disclose information. This occurs due to the use of null pointer or object that has been deleted or freed without proper validation. (CVE-2023-51554, CVE-2023-51553, CVE-2023-51555, CVE-2023-51559, CVE-2023-51551) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: November 14, 2023
Platform: Windows
Summary
Foxit has released Foxit PDF Editor 13.0.1, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor |
13.0.0.21632, 12.1.3.15356 and all previous 12.x versions, 11.2.7.53812 and all previous 11.x versions, 10.1.12.37872 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Use-After-Free, Out-of-Bounds Read, or Type Confusion vulnerability and crash when handling certain Doc, Graphic, Signature, Bookmark, or 3D annotation objects, which could be exploited by attackers to execute remote code or disclose information. This occurs due to the use of null pointer, wild pointer, or object that has been deleted or freed without proper validation. (CVE-2023-51549, CVE-2023-51550, CVE-2023-51552, CVE-2023-51554, CVE-2023-51553, CVE-2023-32616, CVE-2023-41257, CVE-2023-38573, CVE-2023-51555, CVE-2023-51556, CVE-2023-51557, CVE-2023-51558, CVE-2023-51559, CVE-2023-51551, CVE-2023-51562) |
|
Addressed potential issues where the application could be exposed to Arbitrary File Creation vulnerability, which could be exploited by attackers to execute arbitrary code. This occurs as the application directly opens the executable files due to the failure to properly identify the file type that is disallowed to be opened when handling the exportDataObject method of the Doc object. (CVE-2023-40194, CVE-2023-35985) |
|
Addressed potential issues where the application could be exposed to Use-After-Free or Out-of-Bounds Write vulnerability and crash, which could be exploited by attackers to execute arbitrary code. This occurs due to the GDI memory overflow as the application fails to properly handle the user inputs. |
|
Addressed a potential issue where the application could be exposed to Arbitrary File Execution vulnerability when opening certain PDF files that include the OpenAction method using the relative path with path spoofing techniques, which could be exploited by attackers to deceive users to execute commands to spread malicious code. The application has optimized the Launch File process, including getting the absolute path, restricting the execution of files whose file path exceeds 260 characters, and enlarging the window to display the full path (within 260 characters) of the file to be executed. |
|
Addressed a potential issue where the application could be exposed to Type Confusion vulnerability and crash when handling certain Annotation objects, which could be exploited by attackers to execute remote code. This occurs due to the access of illegal memory as the application casts the pointers of different types without inheritance relation and uses them without proper validation. (CVE-2023-51560) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: November 8, 2023
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 13.0.1, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
13.0.0.61829, 12.1.1.55342 and all previous 12.x versions, 11.1.5.0913 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Use-After-Free or Out-of-Bounds Read vulnerability and crash when handling certain Doc, Graphic, Signature, or Bookmark objects, which could be exploited by attackers to execute remote code or disclose information. This occurs due to the use of null pointer or object that has been deleted or freed without proper validation. (CVE-2023-51554, CVE-2023-51553, CVE-2023-51555, CVE-2023-51559, CVE-2023-51551) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: September 27, 2023
Platform: Windows
Summary
Foxit has released Foxit PDF Editor 11.2.7, which addresses potential security and stability issues
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor |
11.2.6.53790 and all previous 11.x versions, 10.1.12.37872 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Use-after-Free, Out-of-Bounds Read, or Type Confusion vulnerability and crash, which could be exploited by attackers to execute remote code or disclose information. This occurs due to the access of null pointer/wild pointer or reference to the object that has been deleted without proper validation when handling certain JavaScripts. (CVE-2023-28744, CVE-2023-38111, CVE-2023-38107, CVE-2023-38109, CVE-2023-38113, CVE-2023-38114, CVE-2023-38112, CVE-2023-38110, CVE-2023-38115, CVE-2023-38117, CVE-2023-27379, CVE-2023-33866, CVE-2023-32664, CVE-2023-33876) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read vulnerability and crash, which could be exploited by attackers to disclose information. This is caused by the access violation as the application reads the bytes beyond the range of the stream or uses the color components (defined in the color space dictionary) that are inconsistent with the actual ones for the image object when converting the color space of an image. (CVE-2023-38105, CVE-2023-38106, CVE-2023-38108, CVE-2023-38116) |
|
Addressed potential issues where the application could be exposed to Arbitrary File Read vulnerability, which could be exploited by attackers to disclose files in the target system. This occurs as the application fails to properly validate the type of attachment when calling the methods (with file attachments specified) to create annotations. |
|
Addressed potential issues where the application could be exposed to Arbitrary File Deletion vulnerability, which could be exploited by attackers to delete the private files in the current user context. This occurs as the application fails to validate the file type and deletes the target file improperly without checking its existence in the user system when calling certain JavaScripts to export PDFs. |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Remote Code Execution vulnerability and crash when handling certain PDF files that include signatures. This occurs as the application verifies the signatures concurrently in a multi-threaded environment and overwrites the data multiple times. (CVE-2023-38119) |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs due to the access violation as the application fails to handle the abnormal parameters properly when rendering the annotation pop-up notes in certain PDF files. (CVE-2023-38118) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: September 12, 2023
Platform: Windows
Summary
Foxit has released Foxit PDF Reader 2023.2 and Foxit PDF Editor 2023.2, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Reader (previously named Foxit Reader) |
12.1.3.15356 and earlier |
Windows |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
2023.1.0.15510, 12.1.3.15356 and all previous 12.x versions, 11.2.7.53812 and all previous 11.x versions, 10.1.12.37872 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Addressed potential issues where the application could be exposed to Use-After-Free vulnerability and crash when handling certain JavaScripts, which could be exploited by attackers to execute remote code or disclose information. This occurs due to the inconsistency between the exported values and appearance values as the application fails to properly handle the radio button component that is missing the Appearance Dictionary, or due to the use of deleted objects without proper validation. (CVE-2023-42089, CVE-2023-42090, CVE-2023-42091, CVE-2023-42092, CVE-2023-42093, CVE-2023-42094, CVE-2023-42095, CVE-2023-42096, CVE-2023-42097, CVE-2023-42098) |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash, which could be exploited by attackers to launch a Denial of Service attack. This occurs as the application fails to properly validate the indirectly obtained objects or empty values returned by certain interfaces when handling the bookmarks or text annotations in certain PDFs. |
|
Addressed a potential issue where the application could be exposed to Remote Code Execution vulnerability when handling certain JavaScripts. This occurs as the application fails to validate the cPath parameter in the saveAs method and is thus forced to write to the Startup folder with an .hta file that can execute arbitrary code after a restart. (CVE-2023-39542) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: September 12, 2023
Platform: Windows
Summary
Foxit has released Foxit PDF Editor 13.0, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
12.1.3.15356 and all previous 12.x versions, 11.2.6.53790 and all previous 11.x versions, 10.1.12.37872 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Use-After-Free vulnerability and crash when handling certain JavaScripts, which could be exploited by attackers to execute remote code or disclose information. This occurs due to the inconsistency between the exported values and appearance values as the application fails to properly handle the radio button component that is missing the Appearance Dictionary, or due to the use of deleted objects without proper validation. (CVE-2023-42089, CVE-2023-42090, CVE-2023-42091, CVE-2023-42092, CVE-2023-42093, CVE-2023-42094, CVE-2023-42095, CVE-2023-42096, CVE-2023-42097, CVE-2023-42098) |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash, which could be exploited by attackers to launch a Denial of Service attack. This occurs as the application fails to properly validate the indirectly obtained objects or empty values returned by certain interfaces when handling the bookmarks or text annotations in certain PDFs. |
|
Addressed a potential issue where the application could be exposed to Remote Code Execution vulnerability when handling certain JavaScripts. This occurs as the application fails to validate the cPath parameter in the saveAs method and is thus forced to write to the Startup folder with an .hta file that can execute arbitrary code after a restart. (CVE-2023-39542) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: July 25, 2023
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 12.1.1 and Foxit PDF Reader for Mac 12.1.1, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
12.1.0.1229 and all previous 12.x versions, 11.1.4.1121 and earlier |
macOS |
Foxit PDF Reader for Mac (previously named Foxit Reader Mac) |
12.1.0.1229 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Use-after-Free or Out-of-Bounds Read vulnerability and crash, which could be exploited by attackers to execute remote code or disclose information. This occurs due to the access of null pointer/wild pointer or reference to the object that has been deleted without proper validation when handling certain JavaScripts. (CVE-2023-28744, CVE-2023-38111, CVE-2023-38107, CVE-2023-38109, CVE-2023-38113, CVE-2023-38112, CVE-2023-38110, CVE-2023-38117) |
|
Addressed a potential issue where the application could be terminated by force when data overflow was detected in XFA JavaScripts. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: July 19, 2023
Platform: Windows
Summary
Foxit has released Foxit PDF Reader 12.1.3 and Foxit PDF Editor 12.1.3, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Reader (previously named Foxit Reader) |
12.1.2.15332 and earlier |
Windows |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
12.1.2.15332 and all previous 12.x versions, 11.2.6.53790 and all previous 11.x versions, 10.1.12.37872 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Use-after-Free, Out-of-Bounds Read, or Type Confusion vulnerability and crash, which could be exploited by attackers to execute remote code or disclose information. This occurs due to the access of null pointer/wild pointer or reference to the object that has been deleted without proper validation when handling certain JavaScripts. (CVE-2023-28744, CVE-2023-38111, CVE-2023-38107, CVE-2023-38109, CVE-2023-38113, CVE-2023-38114, CVE-2023-38112, CVE-2023-38110, CVE-2023-38115, CVE-2023-38117, CVE-2023-27379, CVE-2023-33866, CVE-2023-32664, CVE-2023-33876) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read vulnerability and crash, which could be exploited by attackers to disclose information. This is caused by the access violation as the application reads the bytes beyond the range of the stream or uses the color components (defined in the color space dictionary) that are inconsistent with the actual ones for the image object when converting the color space of an image. (CVE-2023-38105, CVE-2023-38106, CVE-2023-38108, CVE-2023-38116) |
|
Addressed potential issues where the application could be exposed to Arbitrary File Read vulnerability, which could be exploited by attackers to disclose files in the target system. This occurs as the application fails to properly validate the type of attachment when calling the methods (with file attachments specified) to create annotations. |
|
Addressed potential issues where the application could be exposed to Arbitrary File Deletion vulnerability, which could be exploited by attackers to delete the private files in the current user context. This occurs as the application fails to validate the file type and deletes the target file improperly without checking its existence in the user system when calling certain JavaScripts to export PDFs. |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Remote Code Execution vulnerability and crash when handling certain PDF files that include signatures. This occurs as the application verifies the signatures concurrently in a multi-threaded environment and overwrites the data multiple times. (CVE-2023-38119) |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs due to the access violation as the application fails to handle the abnormal parameters properly when rendering the annotation pop-up notes in certain PDF files. (CVE-2023-38118) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: Jun 16, 2023
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 10.1.12, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PhantomPDF |
10.1.11.37866 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Remote Code Execution vulnerability when handling certain JavaScripts. This occurs as the application fails to validate the cPath parameter in the exportXFAData method and is thus forced to write to the Startup folder with an .hta file that can execute arbitrary code after a restart. (CVE-2023-27363) |
|
Addressed potential issues where the application could be exposed to Remote Code Execution vulnerability and crash when parsing certain XLS or DOC files. This occurs as the application opens the XLS or DOC file with the default permissions and allows for the execution of macros without proper restrictions or consents from users. (CVE-2023-27364, CVE-2023-27365) |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference or Use-after-Free vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs due to the access of null pointer or freed memory without proper validation when handling certain JavaScripts. (CVE-2023-27366) |
|
Addressed a potential issue where the application could be exposed to Local Privilege Escalation vulnerability. This occurs as the original executable file of the registered service with system-level permissions can be hijacked by users with normal permissions when the application is installed in a non-standard directory. |
|
Addressed a potential issue where the application could be terminated by force when data overflow was detected in XFA JavaScripts. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: May 31, 2023
Platform: Windows
Summary
Foxit has released Foxit PDF Editor 11.2.6, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor |
11.2.5.53785 and all previous 11.x versions, 10.1.11.37866 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Remote Code Execution vulnerability when handling certain JavaScripts. This occurs as the application fails to validate the cPath parameter in the exportXFAData method and is thus forced to write to the Startup folder with an .hta file that can execute arbitrary code after a restart. (CVE-2023-27363) |
|
Addressed potential issues where the application could be exposed to Remote Code Execution vulnerability and crash when parsing certain XLS or DOC files. This occurs as the application opens the XLS or DOC file with the default permissions and allows for the execution of macros without proper restrictions or consents from users. (CVE-2023-27364, CVE-2023-27365) |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference or Use-after-Free vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs due to the access of null pointer or freed memory without proper validation when handling certain JavaScripts. (CVE-2023-27366) |
|
Addressed a potential issue where the application could be exposed to Local Privilege Escalation vulnerability. This occurs as the original executable file of the registered service with system-level permissions can be hijacked by users with normal permissions when the application is installed in a non-standard directory. |
|
Addressed a potential issue where the application could be terminated by force when data overflow was detected in XFA JavaScripts. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: April 19, 2023
Platform: Windows
Summary
Foxit has released Foxit PDF Reader 12.1.2 and Foxit PDF Editor 12.1.2, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Reader (previously named Foxit Reader) |
12.1.1.15289 and earlier |
Windows |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, 10.1.11.37866 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Remote Code Execution vulnerability when handling certain JavaScripts. This occurs as the application fails to validate the cPath parameter in the exportXFAData method and is thus forced to write to the Startup folder with an .hta file that can execute arbitrary code after a restart. (CVE-2023-27363) |
|
Addressed potential issues where the application could be exposed to Remote Code Execution vulnerability and crash when parsing certain XLS or DOC files. This occurs as the application opens the XLS or DOC file with the default permissions and allows for the execution of macros without proper restrictions or consents from users. (CVE-2023-27364, CVE-2023-27365) |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference or Use-after-Free vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs due to the access of null pointer or freed memory without proper validation when handling certain JavaScripts. (CVE-2023-27366) |
|
Addressed a potential issue where the application could be exposed to Local Privilege Escalation vulnerability. This occurs as the original executable file of the registered service with system-level permissions can be hijacked by users with normal permissions when the application is installed in a non-standard directory. |
|
Addressed a potential issue where the application could be terminated by force when data overflow was detected in XFA JavaScripts. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: Mar 16, 2023
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 10.1.11, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PhantomPDF |
10.1.10.37854 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Out-of-Bounds Write vulnerability and crash when opening certain PDFs that contain JavaScripts with too much text specified in certain controls, which could be exploited by attackers to execute arbitrary code. This occurs due to the access of data outside the bounds as the application fails to validate the length of the input parameter when calling certain API functions from the GDI library. |
|
Addressed a potential issue where the application could be exposed to Use-after-Free vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs due to the use of object or pointer that has been freed when executing certain JavaScripts in PDF files. (CVE-2022-43649) |
|
Addressed potential issues where the application could be exposed to Use-after-Free vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs due to the use of object or pointer that has been freed when executing certain JavaScripts in PDF files. (CVE-2023-27331, CVE-2023-27330, CVE-2023-27329) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: March 08, 2023
Platform: Windows
Summary
Foxit has released Foxit PDF Editor 11.2.5, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor |
11.2.4.53774 and all previous 11.x versions, 10.1.10.37854 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Out-of-Bounds Write vulnerability and crash when opening certain PDFs that contain JavaScripts with too much text specified in certain controls, which could be exploited by attackers to execute arbitrary code. This occurs due to the access of data outside the bounds as the application fails to validate the length of the input parameter when calling certain API functions from the GDI library. |
|
Addressed a potential issue where the application could be exposed to Use-after-Free vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs due to the use of object or pointer that has been freed when executing certain JavaScripts in PDF files. (CVE-2022-43649) |
|
Addressed potential issues where the application could be exposed to Use-after-Free vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs due to the use of object or pointer that has been freed when executing certain JavaScripts in PDF files. (CVE-2023-27331, CVE-2023-27330, CVE-2023-27329) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: February 21, 2023
Platform: Windows
Summary
Foxit has released Foxit PDF Reader 12.1.1 and Foxit PDF Editor 12.1.1, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Reader (previously named Foxit Reader) |
12.1.0.15250 and earlier |
Windows |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
12.1.0.15250 and all previous 12.x versions, 11.2.4.53774 and all previous 11.x versions, 10.1.10.37854 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Information Disclosure vulnerability due to the improper encryption when collecting the user clicks of the banner ads and other potential issues as the web server that stores the advertisement logs and information is outdated (Foxit PDF Reader only). |
|
Addressed potential issues where the application could be exposed to Use-after-Free vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs due to the use of object or pointer that has been freed when executing certain JavaScripts in PDF files. (CVE-2023-27331, CVE-2023-27330, CVE-2023-27329) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: December 27, 2022
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 10.1.10, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PhantomPDF |
10.1.9.37808 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Read Access Violation, Use-after-Free, or Out-of-Bounds Read vulnerability and crash when parsing certain U3D files, which could be exploited by attackers to execute remote code or disclose information. This occurs as the application accesses the array or iterator outside the bounds, or uses the wild pointer or object that has been freed without proper validation. (CVE-2022-43637, CVE-2022-43638, CVE-2022-43639, CVE-2022-43640, CVE-2022-43641) |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash, which could be exploited by attackers to cause a denial of service. This occurs due to the use of null pointer without proper validation when parsing certain PDF files that contain the invalid Page object, or access of the array outside the bounds resulting from the logic error when parsing certain PDF files whose colSpan attribute is set beyond the maximum length allowed. |
|
Addressed potential issues where the application could be exposed to Stack Overrun or Stack Exhaustion vulnerability and crash, which could be exploited by attackers to cause a denial of service. This occurs due to the array access violation when handling certain PDF files containing a field that is formatted as “Percent” with an overly large value, or due to the infinite recursion resulting from the self-referenced object or incorrect hierarchy structure of nodes when handling certain PDF or XFA files. |
|
Addressed a potential issue where the application could be exposed to Arbitrary File Execution vulnerability. This occurs as the application fails to validate the file when updating a plugin with the .fzip file. |
|
Addressed potential issues where the application could be exposed to Use-after-Free vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs due to the use of object or pointer that has been freed when executing certain JavaScripts in PDF files. (CVE-2022-32774, CVE-2022-38097, CVE-2022-37332, CVE-2022-40129) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: December 22, 2022
Platform: Windows
Summary
Foxit has released Foxit PDF Editor 11.2.4, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor |
11.2.3.53593 and all previous 11.x versions, 10.1.9.37808 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Read Access Violation, Use-after-Free, or Out-of-Bounds Read vulnerability and crash when parsing certain U3D files, which could be exploited by attackers to execute remote code or disclose information. This occurs as the application accesses the array or iterator outside the bounds, or uses the wild pointer or object that has been freed without proper validation. (CVE-2022-43637, CVE-2022-43638, CVE-2022-43639, CVE-2022-43640, CVE-2022-43641) |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash, which could be exploited by attackers to cause a denial of service. This occurs due to the use of null pointer without proper validation when parsing certain PDF files that contain the invalid Page object, or access of the array outside the bounds resulting from the logic error when parsing certain PDF files whose colSpan attribute is set beyond the maximum length allowed. |
|
Addressed potential issues where the application could be exposed to Stack Overrun or Stack Exhaustion vulnerability and crash, which could be exploited by attackers to cause a denial of service. This occurs due to the array access violation when handling certain PDF files containing a field that is formatted as “Percent” with an overly large value, or due to the infinite recursion resulting from the self-referenced object or incorrect hierarchy structure of nodes when handling certain PDF or XFA files. |
|
Addressed a potential issue where the application could be exposed to Arbitrary File Execution vulnerability. This occurs as the application fails to validate the file when updating a plugin with the .fzip file. |
|
Addressed potential issues where the application could be exposed to Use-after-Free vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs due to the use of object or pointer that has been freed when executing certain JavaScripts in PDF files. (CVE-2022-32774, CVE-2022-38097, CVE-2022-37332, CVE-2022-40129) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: December 13, 2022
Platform: Windows
Summary
Foxit has released Foxit PDF Reader 12.1 and Foxit PDF Editor 12.1, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Reader (previously named Foxit Reader) |
12.0.2.12465 and earlier |
Windows |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
12.0.2.12465 and all previous 12.x versions, 11.2.3.53593 and all previous 11.x versions, 10.1.9.37808 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Out-of-Bounds Write vulnerability and crash when opening certain PDFs that contain JavaScripts with too much text specified in certain controls, which could be exploited by attackers to execute arbitrary code. This occurs due to the access of data outside the bounds as the application fails to validate the length of the input parameter when calling certain API functions from the GDI library. |
|
Addressed a potential issue where the application could be exposed to Use-after-Free vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs due to the use of object or pointer that has been freed when executing certain JavaScripts in PDF files. (CVE-2022-43649) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: November 23, 2022
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 11.1.4, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
11.1.3.0920 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Denial of Service vulnerability and crash. This occurs as the application uses the null pointer or element in the null array without proper validation when handling certain JavaScripts. |
|
Addressed potential issues where the application could be exposed to Read Access Violation vulnerability and crash when parsing certain U3D files. This occurs as the application accesses the array outside the bounds. |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash, which could be exploited by attackers to cause a denial of service. This occurs due to the access of the array outside the bounds resulting from the logic error when parsing certain PDF files whose colSpan attribute is set beyond the maximum length allowed. |
|
Addressed potential issues where the application could be exposed to Stack Overrun or Stack Exhaustion vulnerability and crash, which could be exploited by attackers to cause a denial of service. This occurs due to the array access violation when handling certain PDF files containing a field that is formatted as “Percent” with an overly large value, or due to the infinite recursion resulting from the incorrect hierarchy structure of nodes when handling certain PDF or XFA files. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: November 8, 2022
Platform: Windows
Summary
Foxit has released Foxit PDF Reader 12.0.2 and Foxit PDF Editor 12.0.2, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Reader (previously named Foxit Reader) |
12.0.1.12430 and earlier |
Windows |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
12.0.1.12430, 12.0.0.12394, 11.2.3.53593 and all previous 11.x versions, 10.1.9.37808 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Read Access Violation, Use-after-Free, or Out-of-Bounds Read vulnerability and crash when parsing certain U3D files, which could be exploited by attackers to execute remote code or disclose information. This occurs as the application accesses the array or iterator outside the bounds, or uses the wild pointer or object that has been freed without proper validation. (CVE-2022-43637, CVE-2022-43638, CVE-2022-43639, CVE-2022-43640, CVE-2022-43641) |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash, which could be exploited by attackers to cause a denial of service. This occurs due to the use of null pointer without proper validation when parsing certain PDF files that contain the invalid Page object, or access of the array outside the bounds resulting from the logic error when parsing certain PDF files whose colSpan attribute is set beyond the maximum length allowed. |
|
Addressed potential issues where the application could be exposed to Stack Overrun or Stack Exhaustion vulnerability and crash, which could be exploited by attackers to cause a denial of service. This occurs due to the array access violation when handling certain PDF files containing a field that is formatted as “Percent” with an overly large value, or due to the infinite recursion resulting from the self-referenced object or incorrect hierarchy structure of nodes when handling certain PDF or XFA files. |
|
Addressed a potential issue where the application could be exposed to Arbitrary File Execution vulnerability. This occurs as the application fails to validate the file when updating a plugin with the .fzip file. |
|
Addressed potential issues where the application could be exposed to Use-after-Free vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs due to the use of object or pointer that has been freed when executing certain JavaScripts in PDF files. (CVE-2022-32774, CVE-2022-38097, CVE-2022-37332, CVE-2022-40129) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: November 1, 2022
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 12.0.2 and Foxit PDF Reader for Mac 12.0.2, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
12.0.1.0720, 12.0.0.0601, 11.1.3.0920 and earlier |
macOS |
Foxit PDF Reader for Mac (previously named Foxit Reader Mac) |
12.0.1.0720 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Denial of Service vulnerability and crash. This occurs as the application uses the null pointer or element in the null array without proper validation when handling certain JavaScripts. |
|
Addressed potential issues where the application could be exposed to Read Access Violation vulnerability and crash when parsing certain U3D files. This occurs as the application accesses the array outside the bounds. |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash, which could be exploited by attackers to cause a denial of service. This occurs due to the access of the array outside the bounds resulting from the logic error when parsing certain PDF files whose colSpan attribute is set beyond the maximum length allowed. |
|
Addressed potential issues where the application could be exposed to Stack Overrun or Stack Exhaustion vulnerability and crash, which could be exploited by attackers to cause a denial of service. This occurs due to the array access violation when handling certain PDF files containing a field that is formatted as “Percent” with an overly large value, or due to the infinite recursion resulting from the incorrect hierarchy structure of nodes when handling certain PDF or XFA files. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: September 22, 2022
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 11.1.3, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
11.1.2.0420 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Uninitialized Variable vulnerability and crash when handling certain JavaScripts, which could be exploited by attackers to disclose information. This occurs as the application uses V8 JavaScript Engine in the outdated version that is prone to vulnerabilities. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: August 30, 2022
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 10.1.9, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PhantomPDF |
10.1.8.37795 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Out-of-Bounds Read, Type Confusion, Use-After-Free, or Uninitialized Variable vulnerability and crash when handling certain JavaScripts, which could be exploited by attackers to disclose information or execute remote code. This occurs as the application uses V8 JavaScript Engine in the outdated version that is prone to vulnerabilities. (CVE-2022-37376, CVE-2022-37377, CVE-2022-37378) |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash, which could be exploited by attackers to cause a denial of service. This occurs due to the access of null pointer, handle, or array without proper validation. (CVE-2022-26979, CVE-2022-27944, CVE-2022-27359) |
|
Addressed potential issues where the application could be exposed to Use-After-Free Information Disclosure or Memory Corruption Remote Code Execution vulnerability and crash. This occurs due to the access of illegal address as the application fails to update the pointer after the container is expanded during the iteration when handling the AFSpecial_KeystrokeEx method. (CVE-2022-37379, CVE-2022-37381) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read vulnerability and crash, which could be exploited by attackers to disclose information or execute remote code. This occurs as the application does not set the pointer as null after it has been released and releases the pointer again during the subsequent destruction when handling certain PDF files, or fails to handle the abnormal parameters during the process to create database API by calling the functions from Windows system when handling ADBC objects, or transforms objects by force without judging the data type when handling Doc objects. (CVE-2022-37380, CVE-2022-37383, CVE-2022-37388) |
|
Addressed potential issues where the application could be exposed to Use-After-Free or Out-of-Bounds Read vulnerability and crash, which could be exploited by attackers to disclose information or execute remote code. This occurs due to the access or use of wild pointer or released object without proper validation when handling certain JavaScripts, Doc objects, or AcroForms. (CVE-2022-37382, CVE-2022-37384, CVE-2022-37385, CVE-2022-37389, CVE-2022-37386, CVE-2022-37390, CVE-2022-37387, CVE-2022-37391) |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when parsing the data stream in certain PDF files. This occurs due to the access violation caused by the incorrectly allocated memory as an overflow exists during the memory calculation. (CNVD-C-2022-280049) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read vulnerability and crash, which could be exploited by attackers to disclose information. This occurs as the application fails to properly validate the allocation boundaries for objects when handling certain JavaScripts. (CVE-2022-34873, CVE-2022-34875, CVE-2022-34874) |
|
Addressed a potential issue where the application could be exposed to Use-After-Free vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs as the application uses the null pointer without proper validation after the Page object has been deleted when opening certain PDF files in the Full Screen mode. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: August 26, 2022
Platform: Windows
Summary
Foxit has released Foxit PDF Editor 11.2.3, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor |
11.2.2.53575 and all previous 11.x versions, 10.1.8.37795 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Out-of-Bounds Read, Type Confusion, Use-After-Free, or Uninitialized Variable vulnerability and crash when handling certain JavaScripts, which could be exploited by attackers to disclose information or execute remote code. This occurs as the application uses V8 JavaScript Engine in the outdated version that is prone to vulnerabilities. (CVE-2022-37376, CVE-2022-37377, CVE-2022-37378) |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash, which could be exploited by attackers to cause a denial of service. This occurs due to the access of null pointer, handle, or array without proper validation. (CVE-2022-26979, CVE-2022-27944, CVE-2022-27359) |
|
Addressed potential issues where the application could be exposed to Use-After-Free Information Disclosure or Memory Corruption Remote Code Execution vulnerability and crash. This occurs due to the access of illegal address as the application fails to update the pointer after the container is expanded during the iteration when handling the AFSpecial_KeystrokeEx method. (CVE-2022-37379, CVE-2022-37381) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read vulnerability and crash, which could be exploited by attackers to disclose information or execute remote code. This occurs as the application does not set the pointer as null after it has been released and releases the pointer again during the subsequent destruction when handling certain PDF files, or fails to handle the abnormal parameters during the process to create database API by calling the functions from Windows system when handling ADBC objects, or transforms objects by force without judging the data type when handling Doc objects. (CVE-2022-37380, CVE-2022-37383, CVE-2022-37388) |
|
Addressed potential issues where the application could be exposed to Use-After-Free or Out-of-Bounds Read vulnerability and crash, which could be exploited by attackers to disclose information or execute remote code. This occurs due to the access or use of wild pointer or released object without proper validation when handling certain JavaScripts, Doc objects, or AcroForms. (CVE-2022-37382, CVE-2022-37384, CVE-2022-37385, CVE-2022-37389, CVE-2022-37386, CVE-2022-37390, CVE-2022-37387, CVE-2022-37391) |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when parsing the data stream in certain PDF files. This occurs due to the access violation caused by the incorrectly allocated memory as an overflow exists during the memory calculation. (CNVD-C-2022-280049) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read vulnerability and crash, which could be exploited by attackers to disclose information. This occurs as the application fails to properly validate the allocation boundaries for objects when handling certain JavaScripts. (CVE-2022-34873, CVE-2022-34875, CVE-2022-34874) |
|
Addressed a potential issue where the application could be exposed to Use-After-Free vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs as the application uses the null pointer without proper validation after the Page object has been deleted when opening certain PDF files in the Full Screen mode. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: August 2, 2022
Platform: Linux
Summary
Foxit has released Foxit Reader for Linux 2.4.5, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit Reader for Linux |
2.4.4.0910 and earlier |
Linux |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Use-After-Free vulnerability. This occurs as the application executes the destructor under png_safe_execute. (CVE-2019-7317) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: July 29, 2022
Platform: Windows
Summary
Foxit has released Foxit PDF Reader 12.0.1 and Foxit PDF Editor 12.0.1, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Reader (previously named Foxit Reader) |
12.0.0.12394 and earlier |
Windows |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
12.0.0.12394, 11.2.2.53575 and all previous 11.x versions, 10.1.8.37795 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Out-of-Bounds Read, Type Confusion, Use-After-Free, or Uninitialized Variable vulnerability and crash when handling certain JavaScripts, which could be exploited by attackers to disclose information or execute remote code. This occurs as the application uses V8 JavaScript Engine in the outdated version that is prone to vulnerabilities. (CVE-2022-37376, CVE-2022-37377, CVE-2022-37378) |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash, which could be exploited by attackers to cause a denial of service. This occurs due to the access of null pointer, handle, or array without proper validation. (CVE-2022-26979, CVE-2022-27944, CVE-2022-27359) |
|
Addressed potential issues where the application could be exposed to Use-After-Free Information Disclosure or Memory Corruption Remote Code Execution vulnerability and crash. This occurs due to the access of illegal address as the application fails to update the pointer after the container is expanded during the iteration when handling the AFSpecial_KeystrokeEx method. (CVE-2022-37379, CVE-2022-37381) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read vulnerability and crash, which could be exploited by attackers to disclose information or execute remote code. This occurs as the application does not set the pointer as null after it has been released and releases the pointer again during the subsequent destruction when handling certain PDF files, or fails to handle the abnormal parameters during the process to create database API by calling the functions from Windows system when handling ADBC objects, or transforms objects by force without judging the data type when handling Doc objects. (CVE-2022-37380, CVE-2022-37383, CVE-2022-37388) |
|
Addressed potential issues where the application could be exposed to Use-After-Free or Out-of-Bounds Read vulnerability and crash, which could be exploited by attackers to disclose information or execute remote code. This occurs due to the access or use of wild pointer or released object without proper validation when handling certain JavaScripts, Doc objects, or AcroForms. (CVE-2022-37382, CVE-2022-37384, CVE-2022-37385, CVE-2022-37389, CVE-2022-37386, CVE-2022-37390, CVE-2022-37387, CVE-2022-37391) |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when parsing the data stream in certain PDF files. This occurs due to the access violation caused by the incorrectly allocated memory as an overflow exists during the memory calculation. (CNVD-C-2022-280049) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: July 29, 2022
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 12.0.1 and Foxit PDF Reader for Mac 12.0.1, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
12.0.0.0601, 11.1.2.0420 and earlier |
macOS |
Foxit PDF Reader for Mac (previously named Foxit Reader Mac) |
12.0.0.0601, 11.1.2.0420 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Uninitialized Variable vulnerability and crash when handling certain JavaScripts, which could be exploited by attackers to disclose information. This occurs as the application uses V8 JavaScript Engine in the outdated version that is prone to vulnerabilities. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: June 28, 2022
Platform: Windows
Summary
Foxit has released Foxit PDF Reader 12.0 and Foxit PDF Editor 12.0, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Reader (previously named Foxit Reader) |
11.2.2.53575 and earlier |
Windows |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
11.2.2.53575 and all previous 11.x versions, 10.1.8.37795 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Out-of-Bounds Read vulnerability and crash, which could be exploited by attackers to disclose information. This occurs as the application fails to properly validate the allocation boundaries for objects when handling certain JavaScripts. (CVE-2022-34873, CVE-2022-34875, CVE-2022-34874) |
|
Addressed a potential issue where the application could be exposed to Use-After-Free vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs as the application uses the null pointer without proper validation after the Page object has been deleted when opening certain PDF files in the Full Screen mode. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: June 21, 2022
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 10.1.8, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PhantomPDF |
10.1.7.37777 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Null Pointer Dereference Denial of Service vulnerability and crash. This is caused by the parsing error when executing JavaScripts in certain PDF files. (CNVD-C-2021-205525) |
|
Addressed a potential issue where the application could be exposed to Read Access Violation vulnerability and crash. This occurs due to the use of null pointer without proper validation as the application fails to get the CF dictionary when handling certain encrypted PDFs with abnormal encryption dictionary. |
|
Addressed a potential issue where the application could be exposed to Incremental Saving Attack and Shadow Attack and deliver incorrect signature information when handling certain signed PDF files. This is caused by the parsing error as the parsing engine fails to use the cross-reference information correctly when parsing certain compressed objects. (CVE-2022-25641) |
|
Addressed potential issues where the application could be exposed to Type Confusion vulnerability and crash when executing certain JavaScripts. This occurs due to the improper compiling for an Unsigned32 result in the V8 JavaScript Engine. (CVE-2022-30557) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read Information Disclosure or Use-After-Free Remote Code Execution vulnerability and crash when handling certain Acroforms, Doc objects, or Annotation objects. This occurs as the application uses the pointer/variable/object or accesses the memory that has been freed without proper validation. (CVE-2022-28670, CVE-2022-28669, CVE-2022-28671, CVE-2022-28672, CVE-2022-28673, CVE-2022-28675, CVE-2022-28676, CVE-2022-28674, CVE-2022-28678, CVE-2022-28680, CVE-2022-28679) |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash. This occurs due to the use of object that has been freed as the application fails to update the copy of the pointer after a page is deleted when executing the deletePages method. (CVE-2022-28677, CVE-2022-28681, CVE-2022-28683) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs as the application fails to properly validate the allocation boundaries for objects when handling certain JavaScripts. (CVE-2022-28682) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: May 9, 2022
Platform: Windows
Summary
Foxit has released Foxit PDF Reader 11.2.2 and Foxit PDF Editor 11.2.2, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Reader (previously named Foxit Reader) |
11.2.1.53537 and earlier |
Windows |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
11.2.1.53537 and all previous 11.x versions, 10.1.7.37777 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Null Pointer Dereference Denial of Service vulnerability and crash. This is caused by the parsing error when executing JavaScripts in certain PDF files. (CNVD-C-2021-205525) |
|
Addressed a potential issue where the application could be exposed to Read Access Violation vulnerability and crash. This occurs due to the use of null pointer without proper validation as the application fails to get the CF dictionary when handling certain encrypted PDFs with abnormal encryption dictionary. |
|
Addressed a potential issue where the application could be exposed to Incremental Saving Attack and Shadow Attack and deliver incorrect signature information when handling certain signed PDF files. This is caused by the parsing error as the parsing engine fails to use the cross-reference information correctly when parsing certain compressed objects. (CVE-2022-25641) |
|
Addressed potential issues where the application could be exposed to Type Confusion vulnerability and crash when executing certain JavaScripts. This occurs due to the improper compiling for an Unsigned32 result in the V8 JavaScript Engine. (CVE-2022-30557) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read Information Disclosure or Use-After-Free Remote Code Execution vulnerability and crash when handling certain Acroforms, Doc objects, or Annotation objects. This occurs as the application uses the pointer/variable/object or accesses the memory that has been freed without proper validation. (CVE-2022-28670, CVE-2022-28669, CVE-2022-28671, CVE-2022-28672, CVE-2022-28673, CVE-2022-28675, CVE-2022-28676, CVE-2022-28674, CVE-2022-28678, CVE-2022-28680, CVE-2022-28679) |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash. This occurs due to the use of object that has been freed as the application fails to update the copy of the pointer after a page is deleted when executing the deletePages method. (CVE-2022-28677, CVE-2022-28681, CVE-2022-28683) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs as the application fails to properly validate the allocation boundaries for objects when handling certain JavaScripts. (CVE-2022-28682) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: March 3, 2022
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 10.1.7, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PhantomPDF |
10.1.6.37749 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Stack-Based Buffer Overflow vulnerability and crash. This occurs due to the use of abnormal data without proper validation when handling an XFA file that contains improper attribute values in the node of a widget. (CVE-2022-24954) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read, Heap Overflow, Memory Corruption, Null Pointer Dereference, or Stack Buffer Overflow vulnerability and crash when converting certain PDF files to Office files. This occurs as the application reads data outside the bounds, accesses the memory that is modified invalidly, uses the null pointer, or reads or writes the data beyond the stack buffer. (CVE -2021-40729, CVE-2021-44709, ZS-VR-21-106, ZS-VR-21-107, ZS-VR-21-108, ZS-VR-21-109, CVE-2021-44740, CVE-2021-44741, CVE-2021-44708, ZS-VR-21-116) |
|
Addressed a potential issue where the application could be exposed to Memory Leak or Out-of-Bounds Read/Write vulnerability and crash. This occurs as the V8 JavaScript Engine does not take into account that the value of a variable type can be changed to “NaN” through addition or subtraction of Infinities, and fails to properly check and handle the abnormal data while handling the JavaScript. |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference or Array Out-of-Bounds vulnerability and crash when parsing certain PDF files. This occurs due to the use of null pointer or invalid object without proper validation. (CVE-2022-25108) |
|
Addressed a potential issue where the application could be exposed to Uncontrolled Search Path Element Privilege Escalation vulnerability, which could be exploited by attackers to execute malicious DLL files. This occurs as the application does not specify an absolute path when searching the DLL library. (CVE-2022-24955) |
|
Addressed a potential issue where the application could be exposed to Information Disclosure vulnerability when processing the format specifiers. This occurs as the util.printf function fails to handle the %llx format string properly. |
|
Addressed potential issues where the application could be exposed to Use-After-Free or Out-of-Bounds Read Remote Code Execution vulnerability and crash when deleting pages in certain PDF files using the JavaScript API. This occurs due to the use of freed object or read of data beyond the boundaries as the application incorrectly deletes the page view even though the PDF engine has not successfully deleted the page. (CVE-2022-24359, CVE-2022-24358) |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when handling certain Annotation objects, Doc objects or Acroforms. This occurs due to the use of wild pointers or freed objects without proper validation. (CVE-2022-24357, CVE-2022-24360, CVE-2022-24363, CVE-2022-24362, CVE-2021-40420, CVE-2022-24364, CVE-2022-24365, CVE-2022-24366, CVE-2022-24367, CVE-2022-24368) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write Remote Code Execution vulnerability and crash when parsing certain JPEG2000 or JP2 files with relatively large values in their attributes. This is caused by the memory access violation due to the incorrectly-calculated value as an overflow occurs when calculating the memory size or buffer size to be allocated. (CVE-2022-24361, CVE-2022-24971, CVE-2022-24369, CVE-2022-24907, CVE-2022-24908) |
|
Addressed a potential issue where the application could be exposed to Read Access Violation vulnerability and crash when parsing certain U3D files. This occurs due to the use of invalid pointer without proper validation. |
|
Addressed a potential issue where the application could be exposed to Read Access Violation vulnerability and crash when parsing certain PDF files. This occurs as the application gets the null dictionary object since the EFF information getting from the PDF file does not match the actual dictionary name, and uses the null dictionary object without proper validation. |
|
Addressed a potential issue where the application could be exposed to Memory Corruption vulnerability and crash when handling certain methods in JavaScript. This is caused by the array out-of-bounds error due to the lack of proper validation for the parameter in the method. (CVE-2022-22150) |
|
Addressed an issue where the application could be exposed to various attacks if the XML configuration file of the iManage 10 plugin's logging function was modified. (CVE-2018-1285) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: January 28, 2022
Platform: Windows
Summary
Foxit has released Foxit PDF Reader 11.2.1 and Foxit PDF Editor 11.2.1, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Reader (previously named Foxit Reader) |
11.1.0.52543 and earlier |
Windows |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
11.2.0.53415 and all previous 11.x versions, 10.1.6.37749 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Stack-Based Buffer Overflow vulnerability and crash. This occurs due to the use of abnormal data without proper validation when handling an XFA file that contains improper attribute values in the node of a widget. (CVE-2022-24954) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read, Heap Overflow, Memory Corruption, Null Pointer Dereference, or Stack Buffer Overflow vulnerability and crash when converting certain PDF files to Office files. This occurs as the application reads data outside the bounds, accesses the memory that is modified invalidly, uses the null pointer, or reads or writes the data beyond the stack buffer. (CVE -2021-40729, CVE-2021-44709, ZS-VR-21-106, ZS-VR-21-107, ZS-VR-21-108, ZS-VR-21-109, CVE-2021-44740, CVE-2021-44741, CVE-2021-44708, ZS-VR-21-116) |
|
Addressed a potential issue where the application could be exposed to Memory Leak or Out-of-Bounds Read/Write vulnerability and crash. This occurs as the V8 JavaScript Engine does not take into account that the value of a variable type can be changed to “NaN” through addition or subtraction of Infinities, and fails to properly check and handle the abnormal data while handling the JavaScript. |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference or Array Out-of-Bounds vulnerability and crash when parsing certain PDF files. This occurs due to the use of null pointer or invalid object without proper validation. (CVE-2022-25108) |
|
Addressed a potential issue where the application could be exposed to Uncontrolled Search Path Element Privilege Escalation vulnerability, which could be exploited by attackers to execute malicious DLL files. This occurs as the application does not specify an absolute path when searching the DLL library. (CVE-2022-24955) |
|
Addressed a potential issue where the application could be exposed to Information Disclosure vulnerability when processing the format specifiers. This occurs as the util.printf function fails to handle the %llx format string properly. |
|
Addressed potential issues where the application could be exposed to Use-After-Free or Out-of-Bounds Read Remote Code Execution vulnerability and crash when deleting pages in certain PDF files using the JavaScript API. This occurs due to the use of freed object or read of data beyond the boundaries as the application incorrectly deletes the page view even though the PDF engine has not successfully deleted the page. (CVE-2022-24359, CVE-2022-24358) |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when handling certain Annotation objects, Doc objects or Acroforms. This occurs due to the use of wild pointers or freed objects without proper validation. (CVE-2022-24357, CVE-2022-24360, CVE-2022-24363, CVE-2022-24362, CVE-2021-40420, CVE-2022-24364, CVE-2022-24365, CVE-2022-24366, CVE-2022-24367, CVE-2022-24368) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write Remote Code Execution vulnerability and crash when parsing certain JPEG2000 or JP2 files with relatively large values in their attributes. This is caused by the memory access violation due to the incorrectly-calculated value as an overflow occurs when calculating the memory size or buffer size to be allocated. (CVE-2022-24361, CVE-2022-24971, CVE-2022-24369, CVE-2022-24907, CVE-2022-24908) |
|
Addressed a potential issue where the application could be exposed to Read Access Violation vulnerability and crash when parsing certain U3D files. This occurs due to the use of invalid pointer without proper validation. |
|
Addressed a potential issue where the application could be exposed to Read Access Violation vulnerability and crash when parsing certain PDF files. This occurs as the application gets the null dictionary object since the EFF information getting from the PDF file does not match the actual dictionary name, and uses the null dictionary object without proper validation. |
|
Addressed a potential issue where the application could be exposed to Memory Corruption vulnerability and crash when handling certain methods in JavaScript. This is caused by the array out-of-bounds error due to the lack of proper validation for the parameter in the method. (CVE-2022-22150) |
|
Addressed an issue where the application could be exposed to various attacks if the XML configuration file of the iManage 10 plugin's logging function was modified. (CVE-2018-1285) |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: January 28, 2022
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 11.1.1 and Foxit PDF Reader for Mac 11.1.1, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
11.1.0.0925 and earlier |
macOS |
Foxit PDF Reader for Mac (previously named Foxit Reader Mac) |
11.1.0.0925 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash. This occurs due to the data access violation caused by the array out-of-bounds error as the application fails to validate the object properly while handling the width attribute of certain XFA widget (CVE-2022-24370). |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Remote Code Execution vulnerability and crash. This occurs as the application fails to delete the page object timely after a page has been deleted (CVE-2022-24356). |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: November 29, 2021
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 10.1.6, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PhantomPDF |
10.1.5.37672 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Null Pointer Dereference or Read Access Violation vulnerability and crash. This occurs when handling certain malformed PDF files due to the use of null pointer, wild pointer, void pointer, or uninitialized pointer without proper validation. (CNVD-C-2021-205496, CNVD-C-2021-205515, CNVD-C-2021-205541) |
|
Addressed potential issues where the application could be exposed to Pointer Dereference Remote Code Execution or Out-of-Bounds Read/Write vulnerability and crash when converting certain PDF files to Office files. This occurs as the application uses or accesses the freed pointer or uninitialized variable or reads/writes values outside the bounds. |
|
Addressed potential issues where the application could be exposed to NTLM v2 Authentication Leak or Use-after-Free vulnerability and crash. This occurs as the browser add-on converts the URL path by mistake when processing the URL that is not truly accessible, or fails to use the com API properly during the download process. |
|
Addressed potential issues where the application could be exposed to Use-after-Free, Out-of-Bounds Read, Read Access Violation, Null Pointer Dereference, or Uninitialized Memory Access vulnerability and crash, which could be exploited by attackers to execute remote code, disclose information, or cause denial of service. This occurs due to the use or access of memory, pointer, or object that has been freed without proper validation when handling certain JavaScripts or annotation objects. (CVE-2021-34948/CNVD-C-2021-247425, CVE-2021-34950, CVE-2021-34953, CVE-2021-34952/CNVD-C-2021-247417, CNVD-C-2021-205550, CVE-2021-34968, CVE-2021-34969/CNVD-C-2021-247399, CVE-2021-34972, CNVD-C-2021-247393, CNVD-C-2021-247404, CNVD-C-2021-247448, CNVD-C-2021-247458, CNVD-C-2021-247464, CVE-2021-41780, CVE-2021-41785, CVE-2021-41783, CVE-2021-41782, CVE-2021-41784, CVE-2021-41781, CVE-2021-34974, CVE-2021-34975) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read, Use-after-Free, or Type Confusion vulnerability and crash, which could be exploited by attackers to disclose information or execute remote code. This occurs when handling certain objects since the application transforms objects by force without judging the data type and uses the void pointer or memory without proper validation. (CVE-2021-34949, CVE-2021-34951/CNVD-C-2021-247436, CVE-2021-34954, CVE-2021-34955, CVE-2021-34956, CVE-2021-34957, CVE-2021-34958, CVE-2021-34959, CVE-2021-34965, CVE-2021-34960, CVE-2021-34961, CVE-2021-34962, CVE-2021-34963, CVE-2021-34964, CVE-2021-34966, CVE-2021-34967) |
|
Addressed a potential issue where the application could be exposed to Arbitrary File Write vulnerability when verifying digital signatures in certain PDF files, which could be exploited by attackers to display the controlled contents. This occurs due to the lack of proper validation for the hidden and incremental data in the digitally signed PDF files. (CVE-2021-40326) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read vulnerability and crash. This occurs when handling JavaScript in certain PDF files due to the access of arrays outside the bounds without proper validation. |
|
Addressed potential issues where the application could be exposed to Stack Overflow or Denial of Service vulnerability and crash. This is caused by the infinite loop, infinite mutual recursion or improper buffer management mechanism while handling certain JavaScripts. |
|
Addressed a potential issue where the application could be exposed to Denial of Service vulnerability and crash when handling certain PDF files that contain illegal dictionary entries or incorrect Outlines (CNVD-C-2021-247433). |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read vulnerability and crash. This occurs when getting the embedded fonts in certain PDF files as the bytes read exceed the stream length. (CVE-2021-34976, CVE-2021-34973) |
|
Addressed a potential issue where the application could be exposed to Information Disclosure vulnerability when processing the format specifiers. This occurs as the util.printf function fails to handle the format extension properly. (CVE-2021-34970) |
|
Addressed a potential issue where the application could be exposed to Heap-based Buffer Overflow Remote Code Execution vulnerability and crash. This occurs as the application writes the data based on the wrong region calculated when parsing certain JPEG2000 files. (CVE-2021-34971) |
|
Addressed a potential issue where the application could be exposed to Arbitrary File Execution vulnerability when handling attachments or submitting forms. This occurs due to the lack of proper validation of the file suffix and file path. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: October 12, 2021
Platform: Windows
Summary
Foxit has released Foxit PDF Reader 11.1 and Foxit PDF Editor 11.1, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Reader (previously named Foxit Reader) |
11.0.1.49938 and earlier |
Windows |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
11.0.1.49938, 11.0.0.49893, 10.1.5.37672 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Null Pointer Dereference or Read Access Violation vulnerability and crash. This occurs when handling certain malformed PDF files due to the use of null pointer, wild pointer, void pointer, or uninitialized pointer without proper validation. (CNVD-C-2021-205496, CNVD-C-2021-205515, CNVD-C-2021-205541) |
|
Addressed potential issues where the application could be exposed to Pointer Dereference Remote Code Execution or Out-of-Bounds Read/Write vulnerability and crash when converting certain PDF files to Office files. This occurs as the application uses or accesses the freed pointer or uninitialized variable or reads/writes values outside the bounds. |
|
Addressed potential issues where the application could be exposed to NTLM v2 Authentication Leak or Use-after-Free vulnerability and crash. This occurs as the browser add-on converts the URL path by mistake when processing the URL that is not truly accessible, or fails to use the com API properly during the download process. |
|
Addressed potential issues where the application could be exposed to Use-after-Free, Out-of-Bounds Read, Read Access Violation, Null Pointer Dereference, or Uninitialized Memory Access vulnerability and crash, which could be exploited by attackers to execute remote code, disclose information, or cause denial of service. This occurs due to the use or access of memory, pointer, or object that has been freed without proper validation when handling certain JavaScripts or annotation objects. (CVE-2021-34948/CNVD-C-2021-247425, CVE-2021-34950, CVE-2021-34953, CVE-2021-34952/CNVD-C-2021-247417, CNVD-C-2021-205550, CVE-2021-34968, CVE-2021-34969/CNVD-C-2021-247399, CVE-2021-34972, CNVD-C-2021-247393, CNVD-C-2021-247404, CNVD-C-2021-247448, CNVD-C-2021-247458, CNVD-C-2021-247464, CVE-2021-41780, CVE-2021-41785, CVE-2021-41783, CVE-2021-41782, CVE-2021-41784, CVE-2021-41781, CVE-2021-34974, CVE-2021-34975) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read, Use-after-Free, or Type Confusion vulnerability and crash, which could be exploited by attackers to disclose information or execute remote code. This occurs when handling certain objects since the application transforms objects by force without judging the data type and uses the void pointer or memory without proper validation. (CVE-2021-34949, CVE-2021-34951/CNVD-C-2021-247436, CVE-2021-34954, CVE-2021-34955, CVE-2021-34956, CVE-2021-34957, CVE-2021-34958, CVE-2021-34959, CVE-2021-34965, CVE-2021-34960, CVE-2021-34961, CVE-2021-34962, CVE-2021-34963, CVE-2021-34964, CVE-2021-34966, CVE-2021-34967) |
|
Addressed a potential issue where the application could be exposed to Arbitrary File Write vulnerability when verifying digital signatures in certain PDF files, which could be exploited by attackers to display the controlled contents. This occurs due to the lack of proper validation for the hidden and incremental data in the digitally signed PDF files. (CVE-2021-40326) |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read vulnerability and crash. This occurs when handling JavaScript in certain PDF files due to the access of arrays outside the bounds without proper validation. |
|
Addressed potential issues where the application could be exposed to Stack Overflow or Denial of Service vulnerability and crash. This is caused by the infinite loop, infinite mutual recursion or improper buffer management mechanism while handling certain JavaScripts. |
|
Addressed a potential issue where the application could be exposed to Denial of Service vulnerability and crash when handling certain PDF files that contain illegal dictionary entries or incorrect Outlines (CNVD-C-2021-247433). |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read vulnerability and crash. This occurs when getting the embedded fonts in certain PDF files as the bytes read exceed the stream length. (CVE-2021-34976, CVE-2021-34973) |
|
Addressed a potential issue where the application could be exposed to Information Disclosure vulnerability when processing the format specifiers. This occurs as the util.printf function fails to handle the format extension properly. (CVE-2021-34970) |
|
Addressed a potential issue where the application could be exposed to Heap-based Buffer Overflow Remote Code Execution vulnerability and crash. This occurs as the application writes the data based on the wrong region calculated when parsing certain JPEG2000 files. (CVE-2021-34971) |
|
Addressed a potential issue where the application could be exposed to Arbitrary File Execution vulnerability when handling attachments or submitting forms. This occurs due to the lack of proper validation of the file suffix and file path. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: October 12, 2021
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 11.1 and Foxit PDF Reader for Mac 11.1, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
11.0.1.0719 and earlier |
macOS |
Foxit PDF Reader for Mac (previously named Foxit Reader Mac) |
11.0.1.0719 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Remote Code Execution vulnerability. This occurs as the application allows the local programs to be opened by executing certain JavaScripts without proper validation (CVE-2021-45978, CVE-2021-45979, CVE-2021-45980). |
|
Addressed a potential issue where the application could be exposed to Null Pointer Dereference vulnerability and crash. This occurs when handling certain malformed PDF files due to the use of null pointer without proper validation. |
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: August 26, 2021
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 10.1.5, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PhantomPDF |
10.1.4.37651 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write or Null Pointer Dereference vulnerability and crash when parsing certain PDF files. This occurs due to the access violation in the array subscript when storing the offset value for the indirect object because the array size created based on the /Size entry whose value is smaller than the actual maximum indirect object number is not enough to accommodate the data. |
xina1i |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash when processing certain arguments. This occurs due to the access of illegal memory as the application fails to restrict the access to an array outside its bounds when calling the util.scand function. (CVE-2021-38564) |
Xinyu Wan, Yiwei Zhang and Wei You from Renmin University of China |
Addressed potential issues where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when handling certain Javascripts or annotation objects. This occurs due to the use or access of memory, pointer, or object that has been freed without proper validation (CVE-2021-21831, CVE-2021-21870, CVE-2021-34831, CVE-2021-34832, CVE-2021-34847). |
Aleksandar Nikolic of Cisco Talos |
Addressed a potential issue where the application could be exposed to Arbitrary File Write vulnerability when executing the submitForm function. Attackers could exploit this vulnerability to create arbitrary files in the local system and inject the uncontrolled contents. |
Hou JingYi (@hjy79425575) |
Addressed potential issues where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when handling the annotation objects in certain PDF files if the same Annotation dictionary is referenced in the page structures for different pages. This occurs as multiple annotation objects are associated to the same Annotation dictionary (CVE-2021-34852, CVE-2021-34834, CVE-2021-34835, CVE-2021-34851, CVE-2021-34836, CVE-2021-34837, CVE-2021-34838, CVE-2021-34839, CVE-2021-34840, CVE-2021-34841, CVE-2021-34833, CVE-2021-34842, CVE-2021-34843, CVE-2021-34844, CVE-2021-34845, CVE-2021-34853). |
Xu Peng from UCAS and Wang Yanhao from QiAnXin Technology Research Institute working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Use-after-Free vulnerability and crash when handling certain events of form elements. This occurs due to the use of Field object that has been cleaned up after executing events using the event.target property (CVE-2021-21893). |
Aleksandar Nikolic of Cisco Talos |
Addressed a potential issue where the application could be exposed to Stack Overflow vulnerability and crash when parsing XML data with too many embedded nodes. This occurs as the recursion level exceeds the maximum recursion depth when parsing XML nodes using recursion. |
Milan Kyselica |
Addressed a potential issue where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when traversing bookmark nodes in certain PDF files. This occurs due to stack overflow caused by the infinite loop as the application fails to handle the loop condition correctly (CVE-2021-34846). |
ZhangJiaxing(@r0fm1a) from Codesafe Team of Legendsec at Qi'anxin Group working with Trend Micro Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: July 27, 2021
Platform: Windows
Summary
Foxit has released Foxit PDF Reader 11.0.1 and Foxit PDF Editor 11.0.1, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Reader (previously named Foxit Reader) |
11.0.0.49893 and earlier |
Windows |
Foxit PDF Editor (previously named Foxit PhantomPDF) |
11.0.0.49893, 10.1.4.37651 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write or Null Pointer Dereference vulnerability and crash when parsing certain PDF files. This occurs due to the access violation in the array subscript when storing the offset value for the indirect object because the array size created based on the /Size entry whose value is smaller than the actual maximum indirect object number is not enough to accommodate the data. |
xina1i |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash when processing certain arguments. This occurs due to the access of illegal memory as the application fails to restrict the access to an array outside its bounds when calling the util.scand function. (CVE-2021-38564) |
Xinyu Wan, Yiwei Zhang and Wei You from Renmin University of China |
Addressed potential issues where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when handling certain Javascripts or annotation objects. This occurs due to the use or access of memory, pointer, or object that has been freed without proper validation ( CVE-2021-21831, CVE-2021-21870, CVE-2021-34831, CVE-2021-34832, CVE-2021-34847, CVE-2021-34850, CVE-2021-34849, CVE-2021-34848). |
Aleksandar Nikolic of Cisco Talos |
Addressed a potential issue where the application could be exposed to Arbitrary File Write vulnerability when executing the submitForm function. Attackers could exploit this vulnerability to create arbitrary files in the local system and inject the uncontrolled contents. |
Hou JingYi (@hjy79425575) |
Addressed potential issues where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when handling the annotation objects in certain PDF files if the same Annotation dictionary is referenced in the page structures for different pages. This occurs as multiple annotation objects are associated to the same Annotation dictionary (CVE-2021-34852, CVE-2021-34834, CVE-2021-34835, CVE-2021-34851, CVE-2021-34836, CVE-2021-34837, CVE-2021-34838, CVE-2021-34839, CVE-2021-34840, CVE-2021-34841, CVE-2021-34833, CVE-2021-34842, CVE-2021-34843, CVE-2021-34844, CVE-2021-34845, CVE-2021-34853). |
Xu Peng from UCAS and Wang Yanhao from QiAnXin Technology Research Institute working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Use-after-Free vulnerability and crash when handling certain events of form elements. This occurs due to the use of Field object that has been cleaned up after executing events using the event.target property (CVE-2021-21893). |
Aleksandar Nikolic of Cisco Talos |
Addressed a potential issue where the application could be exposed to Stack Overflow vulnerability and crash when parsing XML data with too many embedded nodes. This occurs as the recursion level exceeds the maximum recursion depth when parsing XML nodes using recursion. |
Milan Kyselica |
Addressed a potential issue where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when traversing bookmark nodes in certain PDF files. This occurs due to stack overflow caused by the infinite loop as the application fails to handle the loop condition correctly (CVE-2021-34846). |
ZhangJiaxing(@r0fm1a) from Codesafe Team of Legendsec at Qi'anxin Group working with Trend Micro Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: July 27, 2021
Platform: macOS
Summary
Foxit has released Foxit PDF Editor for Mac 11.0.1 and Foxit PDF Reader for Mac 11.0.1, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) |
11.0.0.0510 and earlier |
macOS |
Foxit PDF Reader for Mac (previously named Foxit Reader Mac) |
11.0.0.0510 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Null Pointer Reference Denial of Service vulnerability and crash. This is caused by memory corruption due to the lack of proper validation when handling certain PDF files whose dictionary entries are missing (CNVD-C-2021-95204). |
China National Vulnerability Database |
Addressed potential issues where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when handling certain Javascripts. This occurs due to the use or access of memory or object that has been freed without proper validation (CVE-2021-21831, CVE-2021-34832). |
Aleksandar Nikolic of Cisco Talos |
Addressed a potential issue where the application could be exposed to Use-after-Free vulnerability and crash when handling certain events of form elements. This occurs due to the use of Field object that has been cleaned up after executing events using the event.target property (CVE-2021-21893). |
Aleksandar Nikolic of Cisco Talos |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read/Write vulnerability and crash when parsing certain PDF files. This occurs due to the access violation in the array subscript when storing the offset value for the indirect object because the array size created based on the /Size entry whose value is smaller than the actual maximum indirect object number is not enough to accommodate the data. |
Milan Kyselica |
Addressed a potential issue where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when traversing bookmark nodes in certain PDF files. This occurs due to stack overflow caused by the infinite loop as the application fails to handle the loop condition correctly (CVE-2021-34846). |
ZhangJiaxing(@r0fm1a) from Codesafe Team of Legendsec at Qi'anxin Group working with Trend Micro Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: May 6, 2021
Platform: Windows
Summary
Foxit has released Foxit Reader 10.1.4 and Foxit PhantomPDF 10.1.4, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit Reader |
10.1.3.37598 and earlier |
Windows |
Foxit PhantomPDF |
10.1.3.37598 and all previous 10.x versions, 9.7.5.29616 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Memory Corruption vulnerability and crash when exporting certain PDF files to other formats. This occurs due to the access violation, which could be exploited by attackers to execute remote code. |
Ariele Caltabiano (kimiya) |
Addressed potential issues where the application could be exposed to Denial of Service vulnerability and crash when handling certain XFA forms or link objects. This is caused by stack overflow as there are too many levels or dead loops during the recursive call of functions (CNVD-C-2020-186243/CNVD-C-2020-186246/CNVD-C-2020-186244/CNVD-C-2020-186248/CNVD-C-2020-186237). |
China National Vulnerability Database |
Addressed potential issues where the application could be exposed to Denial of Service, Null Pointer Reference, Out-of-Bounds Read, Context Level Bypass, Type Confusion, or Buffer Overflow vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs during the implementation of certain functions in JavaScript due to the use of incorrect parameters or objects without proper validation (CNVD-C-2020-305224/CNVD-C-2020-305182/CNVD-C-2020-305095/EIP-2018-0045/CNVD-C-2020-305100/CVE-2021-31461/CVE-2021-31476). |
Xinyu Wan, Yiwei Zhang, and Wei You from Renmin University of China |
Addressed a potential issue where the application could be exposed to Arbitrary File Deletion vulnerability due to improper access control. Local attackers could exploit this vulnerability to create a symbolic link and cause arbitrary files to be deleted once the application is uninstalled by an admin user. |
Dhiraj Mishra (@RandomDhiraj) |
Addressed a potential issue where the application could deliver incorrect signature information for certain PDF files that contained invisible digital signatures. This occurs as the application gets the certificate name in an incorrect order and displays the document owner as the signature author by mistake. |
Thore Hendrikson |
Addressed potential issues where the application could be exposed to DLL Hijacking vulnerability when it was launched, which could be exploited by attackers to execute remote code by placing a malicious DLL in the specified path directory. This occurs due to the improper behavior while loading libraries, including loading the libraries in the installation directory as precedence when loading system libraries, loading the libraries that are disguised as system libraries in the installation folder without proper validation, and failing to use the fully qualified paths when loading external libraries (CNVD-C-2021-68000/CNVD-C-2021-68502). |
mnhFly of Aurora Infinity WeiZhen Security Team |
Addressed potential issues where the application could be exposed to Out-of-Bounds Write/Read Remote Code Execution or Information Disclosure vulnerability and crash when handling certain JavaScripts or XFA forms. This occurs due to the use of abnormal data that exceeds the maximum size allocated in parameters without proper validation (CVE-2021-31452/CVE-2021-31473). |
mnhFly of Aurora Infinity WeiZhen Security Team |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write vulnerability when parsing certain PDF files that contain nonstandard /Size key value in the Trailer dictionary. This occurs due to the access of an array whose size is not enough to accommodate the data. |
xina1i |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write vulnerability and crash when converting certain PDF files to Microsoft Office files. This occurs as the PDF object data defined in the Cross-Reference Table is corrupted. |
Haboob Lab |
Addressed potential issues where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when handling certain XFA forms or annotation objects. This occurs due to the use or access of the objects that have been released or deleted (CVE-2021-31441/CVE-2021-31450/CVE-2021-31453/CVE-2021-31451/CVE-2021-31455/CVE-2021-31456/CVE-2021-31457/CVE-2021-31458/CVE-2021-31459/CVE-2021-31460/CVE-2021-21822). |
Yongil Lee and Wonyoung Jung of Diffense |
Addressed potential issues where the application could be exposed to Arbitrary File Write Remote Code Execution vulnerability when executing certain JavaScripts. This occurs as the application fails to restrict the file type and validate the file path in extractPages and CombineFiles functions (EIP-2018-0046/EIP-2019-0006/EIP-2019-0007). |
Exodus Intelligence |
Addressed potential issues where the application could be exposed to SQL Injection Remote Code Execution vulnerability. Attackers could exploit this vulnerability to insert or delete databases by inserting codes at the end of the strings (EIP-2018-0057/EIP-2018-0080/EIP-2018-0081). |
Exodus Intelligence |
Addressed a potential issue where the application could be exposed to Uninitialized Variable Information Disclosure vulnerability and crash. This occurs due to the array access violation resulting from the discrepant information in the form control when users press the Tab key to get focus on a field and input new text in certain XFA forms. |
Yongil Lee and Wonyoung Jung of Diffense |
Addressed potential issues where the application could be exposed to Out-of-Bounds Read or Heap-based Buffer Overflow vulnerability and crash, which could be exploited by attackers to execute remote code or disclose sensitive information. This occurs due to the logic error or improper handling of elements when working with certain PDF files that define excessively large value in the file attribute or contain negative leadDigits value in the file attribute (CVE-2021-31454). |
Yongil Lee and Wonyoung Jung of Diffense |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: May 6, 2021
Platform: Windows
Summary
Foxit has released 3D Plugin Beta 10.1.4.37623 for Foxit Reader and PhantomPDF, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
3D Plugin Beta |
10.1.3.37598 and all previous 10.x versions, 9.7.4.29600 and earlier |
Windows |
Solution
Update your Foxit Reader or PhantomPDF to version 10.1 or higher, and then install the latest version of the 3D Plugin Beta by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write, Use-After-Free, or Double Free vulnerability and crash if users were using 3D Plugin Beta, which could be exploited by attackers to execute remote code or disclose sensitive information. This occurs due to the lack of proper validation of illogical data range when handling certain U3D objects embedded in PDF files. (CVE-2021-31469/CVE-2021-31470/CVE-2021-31471/CVE-2021-31472/CVE-2021-31442/CVE-2021-31443/CVE-2021-31444/CVE-2021-31445/CVE-2021-31446/CVE-2021-31447/CVE-2021-31448/CVE-2021-31449/CVE-2021-31467/CVE-2021-31468/CVE-2021-31466/CVE-2021-31465/CVE-2021-31464/CVE-2021-31463/CVE-2021-31462). |
Mat Powell of Trend Micro Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: Apr 20, 2021
Platform: Web
Summary
Foxit has a new version of Foxit Studio Photo 3.6.6.934, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit Studio Photo |
3.6.6.933 and earlier |
Windows |
Solution
Update Foxit Studio Photo to the latest versions by following the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where remote attackers to execute arbitrary code on the application. This is caused by an uninitialized variable(CVE-2021-31435). |
Francis Provencher {PRL} working with Trend Micro Zero Day Initiative |
Addressed potential issues where remote attackers to execute arbitrary code on the application. There is a potential problem with overwriting buffers in the ARW, JPM, JP2 file's parser. (CVE-2021-31433/ CVE-2021-31434/ CVE-2021-31437). |
Wenguang Jiao working with Trend Micro Zero Day Initiative |
Addressed potential issues where remote attackers to execute arbitrary code on the application. There is a potential problem with overwriting buffers in the parser of the SGI file. (CVE-2021-31436). |
Anonymous working with Trend Micro Zero Day Initiative |
Addressed potential issues where remote attackers to execute arbitrary code on the application. There is a potential problem with overwriting buffers in the parser of the PSP file. (CVE-2021-31438) |
Francis Provencher {PRL} working with Trend Micro Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: March 31, 2021
Platform: Web
Summary
Foxit has released Foxit PDF SDK for Web 7.6.0, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF SDK for Web |
7.5.0 and earlier |
Web |
Solution
Vulnerability details
Brief |
Acknowledgement |
Fixed a cross-site scripting security where the JavaScript app.alert() message was taken as HTML code, injected into HTML DOM and execute. |
Luigi Gubello |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: March 22, 2021
Platform: Windows
Summary
Foxit has released Foxit Reader 10.1.3 and Foxit PhantomPDF 10.1.3, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit Reader |
10.1.1.37576 and earlier |
Windows |
Foxit PhantomPDF |
10.1.1.37576 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs due to the improper release of resources when parsing certain JPEG2000 files (CVE-2021-27270). |
cece working with Trend Micro Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: March 22, 2021
Platform: Windows
Summary
Foxit has released 3D Plugin Beta 10.1.3.37598 for Foxit Reader and PhantomPDF, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
3D Plugin Beta |
10.1.1.37576 and earlier |
Windows |
Solution
Update your Foxit Reader or PhantomPDF to version 10.1 or higher, and then install the latest version of the 3D Plugin Beta by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Out-of-Bounds Read, Use-After-Free, or Memory Corruption vulnerability and crash if users were using 3D Plugin Beta, which could be exploited by attackers to execute remote code or disclose sensitive information. This occurs when working with certain PDF files that contain 3D objects due to a parse error as the data format recorded in the PDF file is not consistent with the actual one (CVE-2021-27261/CVE-2021-27262/CVE-2021-27263/CVE-2021-27264/CVE-2021-27265/CVE-2021-27266/CVE-2021-27267/CVE-2021-27268/CVE-2021-27271). |
Mat Powell of Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write vulnerability and crash if users were using 3D Plugin Beta, which could be exploited by attackers to execute remote code. This occurs when parsing certain PDF files that contain 3D objects as the number of KeyFrames defined in MOTIONRESOURCE (0xffffff56) block does not match the actual one written (CVE-2021-27269). |
Mat Powell of Trend Micro Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: February 2, 2021
Platform: macOS
Summary
Foxit has released Foxit PhantomPDF Mac 4.1.3 and Foxit Reader Mac 4.1.3, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PhantomPDF Mac |
4.1.1.1123 and earlier |
macOS |
Foxit Reader Mac |
4.1.1.1123 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Evil Annotation Attack and deliver incorrect validation results when validating certain certified PDF files whose visible content was significantly altered. This occurs as the application fails to identify the objects in the incremental update when the Subtype entry of the Annotation dictionary is set as null. |
Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Jorg Schwenk |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: December 30, 2020
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 9.7.5 , which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PhantomPDF |
9.7.4.29600 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write Remote Code Execution vulnerability and crash while processing certain XFA templates. This occurs during the process of modifying control attributes and appending nodes as the application fails to validate and uses certain type of object that is explicitly converted from a wrong layout object created by the appended template node (CVE-2020-27860). |
Anonymous working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Evil Annotation Attack and deliver incorrect validation results when validating certain certified PDF files whose visible content was significantly altered. This occurs as the application fails to identify the objects in the incremental update when the Subtype entry of the Annotation dictionary is set as null. |
Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Jorg Schwenk |
Addressed a potential issue where the application could be exposed to Type Confusion Memory Corruption or Remote Code Execution vulnerability and crash due to the lack of proper validation when an incorrect argument was passed to the app.media.openPlayer function defined in PDF JavaScript API (CVE-2020-13547). |
Aleksandar Nikolic of Cisco Talos |
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when executing certain JavaScript in a PDF file. This occurs due to the access or use of pointer or object that has been removed after calling certain JavaScript functions (CVE-2020-13548/CVE-2020-13557/CVE-2020-13560/CVE-2020-13570). |
Aleksandar Nikolic of Cisco Talos |
Addressed a potential issue where the application could be exposed to Denial of Service vulnerability and crash when opening certain PDF files that contained illegal value in the /Size entry of the Trail dictionary. This occurs due to the array overflow as the illegal value in the /Size entry causes an error in initializing the array size for storing the compression object streams, and an object number which is larger than the initialization value is used as the array index while parsing the cross-reference streams (CVE-2020-28203). |
Sanjeev Das (IBM Research) |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: December 9, 2020
Platform: Windows
Summary
Foxit has released Foxit Reader 10.1.1 and Foxit PhantomPDF 10.1.1, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit Reader |
10.1.0.37527 and earlier |
Windows |
Foxit PhantomPDF |
10.1.0.37527 and all previous 10.x versions, 9.7.4.29600 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write Remote Code Execution vulnerability and crash while processing certain XFA templates. This occurs during the process of modifying control attributes and appending nodes as the application fails to validate and uses certain type of object that is explicitly converted from a wrong layout object created by the appended template node (CVE-2020-27860). |
Anonymous working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Evil Annotation Attack and deliver incorrect validation results when validating certain certified PDF files whose visible content was significantly altered. This occurs as the application fails to identify the objects in the incremental update when the Subtype entry of the Annotation dictionary is set as null. |
Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Jorg Schwenk |
Addressed a potential issue where the application could be exposed to Type Confusion Memory Corruption or Remote Code Execution vulnerability and crash due to the lack of proper validation when an incorrect argument was passed to the app.media.openPlayer function defined in PDF JavaScript API (CVE-2020-13547). |
Aleksandar Nikolic of Cisco Talos |
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when executing certain JavaScript in a PDF file. This occurs due to the access or use of pointer or object that has been removed after calling certain JavaScript functions (CVE-2020-13548/CVE-2020-13557/CVE-2020-13560/CVE-2020-13570). |
Aleksandar Nikolic of Cisco Talos |
Addressed a potential issue where the application could be exposed to Denial of Service vulnerability and crash when opening certain PDF files that contained illegal value in the /Size entry of the Trail dictionary. This occurs due to the array overflow as the illegal value in the /Size entry causes an error in initializing the array size for storing the compression object streams, and an object number which is larger than the initialization value is used as the array index while parsing the cross-reference streams (CVE-2020-28203). |
Sanjeev Das (IBM Research) |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: October 20, 2020
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 9.7.4, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PhantomPDF |
9.7.3.29555 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Use-After-Free vulnerability and crash when executing JavaScript in certain AcroForm. This occurs due to the use of Opt object after it has been deleted by calling Field::ClearItems method while executing Field::DeleteOptions method. |
Hung Tien Tran @hungtt28 |
Addressed a potential issue where the application could be exposed to Write/Read Access Violation vulnerability and crash. This occurs due to the exception thrown by the V8 JavaScript engine, which is resulted from the failure to properly handle the situation where the Index returned during the allocation of thread local storage by TslAlloc function exceeds the limits acceptable by the V8 JavaScript engine. |
John Stigerwalt |
Addressed potential issues where the application could be exposed to Null Pointer Access/Dereference vulnerability and crash when opening certain specially crafted PDF. This occurs due to the access or reference of the null pointer without proper validation (CNVD-C-2020-169904/CNVD-C-2020-186241/CNVD-C-2020-186245). |
John Stigerwalt |
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when parsing certain JPEG2000 images. This occurs because the application fails to release memory correctly based on the memory block information (CVE-2020-17410). |
Anonymous working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write vulnerability and crash. This occurs during the handling of Shading because the number of outputs calculated by function does not match the number of color components in the Shading directory’s color space. |
Nafiez, Fakhrie and Yeh of TomatoDuck Fuzzing Group |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write Remote Code Execution vulnerability when parsing certain JPEG2000 images due to the incorrect read and write of memory at invalid address (CVE-2020-17416). |
Anonymous working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Remote Code Execution vulnerability during installation. This occurs as the application does not use the absolute path to find taskkill.exe but firstly finds and executes the one in the current working directory. |
Dhiraj Mishra (@RandomDhiraj) |
Addressed a potential issue where the application could be exposed to Use-After-Free Information Disclosure or Remote Code Execution vulnerability and crash. This occurs due to the use of /V item which is deleted after being interpreted as the action executed during validation when it exists in both Additional Action and Field dictionaries but shares different interpretations (CNVD-C-2020-169907). |
China National Vulnerability Database |
Addressed a potential issue where the application could be exposed to Universal Signature Forgery vulnerability and deliver incorrect validation results when validating digital signatures in certain PDF files. This occurs as the application fails to perform cryptographic validation of signatures correctly, which could be exploited by attackers to forge arbitrary signatures on arbitrary files and deceive the validator. |
Matthias Valvekens |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: October 20, 2020
Platform: Windows
Summary
Foxit has released 3D Plugin Beta 9.7.4.29600 for Foxit PhantomPDF, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
3D Plugin Beta |
9.7.3.29555 and earlier |
Windows |
Solution
Update the 3D Plugin Beta to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write or Stack-based Buffer Overflow vulnerability if users were using 3D Plugin Beta, which could be exploited by attackers to execute remote code or disclose sensitive information. This occurs due to the lack of proper validation of data when parsing certain U3D object that contains incorrect data stream (CNVD-C-2020-73515/CNVD-C-2020-73509/CVE-2020-17411/CVE-2020-17412/CVE-2020-17413). |
China National Vulnerability Database |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: October 9, 2020
Platform: macOS
Summary
Foxit has released Foxit PhantomPDF Mac and Foxit Reader Mac 4.1, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PhantomPDF Mac |
4.0.0.0430 and earlier |
macOS |
Foxit Reader Mac |
4.0.0.0430 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Code Injection or Information Disclosure vulnerability because it did not enable Hardened Runtime capability during code signing. |
Hou JingYi (@hjy79425575) |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: September 28, 2020
Platform: Windows
Summary
Foxit has released Foxit Reader 10.1 and Foxit PhantomPDF 10.1, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit Reader |
10.0.1.35811 and earlier |
Windows |
Foxit PhantomPDF |
10.0.1.35811, 10.0.0.35798, 9.7.3.29555 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Use-After-Free vulnerability and crash when executing JavaScript in certain AcroForm. This occurs due to the use of Opt object after it has been deleted by calling Field::ClearItems method while executing Field::DeleteOptions method. |
Hung Tien Tran @hungtt28 |
Addressed a potential issue where the application could be exposed to Write/Read Access Violation vulnerability and crash. This occurs due to the exception thrown by the V8 JavaScript engine, which is resulted from the failure to properly handle the situation where the Index returned during the allocation of thread local storage by TslAlloc function exceeds the limits acceptable by the V8 JavaScript engine. |
John Stigerwalt |
Addressed potential issues where the application could be exposed to Null Pointer Access/Dereference vulnerability and crash when opening certain specially crafted PDF. This occurs due to the access or reference of the null pointer without proper validation (CNVD-C-2020-169904/CNVD-C-2020-186241/CNVD-C-2020-186245). |
John Stigerwalt |
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when parsing certain JPEG2000 images. This occurs because the application fails to release memory correctly based on the memory block information (CVE-2020-17410). |
Anonymous working with Trend Micro Zero Day Initiative |
Addressed potential issues where the application could be exposed to Incorrect Permission Assignment Privilege Escalation vulnerability, which could be exploited by attackers to execute an arbitrary program. This occurs due to the incorrect permission set on a resource used by Foxit update service (CVE-2020-17414/CVE-2020-17415). |
@Kharosx0 working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write vulnerability and crash. This occurs during the handling of Shading because the number of outputs calculated by function does not match the number of color components in the Shading directory’s color space. |
Nafiez, Fakhrie and Yeh of TomatoDuck Fuzzing Group |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write Remote Code Execution vulnerability when parsing certain JPEG2000 images due to the incorrect read and write of memory at invalid address (CVE-2020-17416). |
Anonymous working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Remote Code Execution vulnerability during installation. This occurs as the application does not use the absolute path to find taskkill.exe but firstly finds and executes the one in the current working directory. |
Dhiraj Mishra (@RandomDhiraj) |
Addressed a potential issue where the application could be exposed to Use-After-Free Information Disclosure or Remote Code Execution vulnerability and crash. This occurs due to the use of /V item which is deleted after being interpreted as the action executed during validation when it exists in both Additional Action and Field dictionaries but shares different interpretations (CNVD-C-2020-169907). |
China National Vulnerability Database |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Remote Code Execution vulnerability and crash due to the lack of proper validation of the input data when triggering Doc.getNthFieldName method (CVE-2020-17417). |
Anonymous working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Universal Signature Forgery vulnerability and deliver incorrect validation results when validating digital signatures in certain PDF files. This occurs as the application fails to perform cryptographic validation of signatures correctly, which could be exploited by attackers to forge arbitrary signatures on arbitrary files and deceive the validator. |
Matthias Valvekens |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: September 28, 2020
Platform: Windows
Summary
Foxit has released 3D Plugin Beta 10.1.0.37494 for Foxit Reader and PhantomPDF, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
3D Plugin Beta |
10.0.1.35811, 10.0.0.35737, 9.7.3.29555 and earlier |
Windows |
Solution
Update your Foxit Reader or PhantomPDF to version 10.1, and then install the latest version of the 3D Plugin Beta by following one of the methods below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write or Stack-based Buffer Overflow vulnerability if users were using 3D Plugin Beta, which could be exploited by attackers to execute remote code or disclose sensitive information. This occurs due to the lack of proper validation of data when parsing certain U3D object that contains incorrect data stream (CNVD-C-2020-73515/CNVD-C-2020-73509/CVE-2020-17411/CVE-2020-17412/CVE-2020-17413). |
China National Vulnerability Database |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: August 31, 2020
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 9.7.3, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PhantomPDF |
9.7.2.29539 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Uninitialized Object Information Disclosure vulnerability and crash. This occurs as the application directly transforms the PDF Object as PDF Stream for further actions without proper validation when verifying the information in a crafted XObject (CVE-2020-11493). |
Steven Seeley of Qihoo 360 Vulcan Team |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash. This occurs due to the application mistakenly uses the index of the original text string to recognize links after the original text string is divided into two pieces during text string layout (CVE-2020-12247). |
Steven Seeley of Qihoo 360 Vulcan Team |
Addressed a potential issue where the application could be exposed to Use-After-Free Information Disclosure vulnerability and crash due to the access of illegal memory when loading certain webpage (CVE-2020-15637). |
Mat Powell of Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Heap Buffer Overflow Remote Code Execution vulnerability and crash. This occurs due to the application fails to execute a fault-tolerance mechanism when processing the dirty data in the image resources (CVE-2020-12248). |
Steven Seeley of Qihoo 360 Vulcan Team |
Addressed a potential issue where the application could be exposed to Type Confusion Remote Code Execution vulnerability and crash due to the access of array whose length is larger than its initial length (CVE-2020-15638). |
Rene Freingruber (@ReneFreingruber) and Patrick Wollgast working with Trend Micro Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: July 31, 2020
Platform: Windows
Summary
Foxit has released Foxit Reader 10.0.1 and Foxit PhantomPDF 10.0.1, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit Reader |
10.0.0.35798 and earlier |
Windows |
Foxit PhantomPDF |
10.0.0.35798, 9.7.2.29539 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Uninitialized Object Information Disclosure vulnerability and crash. This occurs as the application directly transforms the PDF Object as PDF Stream for further actions without proper validation when verifying the information in a crafted XObject (CVE-2020-11493). |
Steven Seeley of Qihoo 360 Vulcan Team |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash. This occurs due to the application mistakenly uses the index of the original text string to recognize links after the original text string is divided into two pieces during text string layout (CVE-2020-12247). |
Steven Seeley of Qihoo 360 Vulcan Team |
Addressed a potential issue where the application could be exposed to Use-After-Free Information Disclosure vulnerability and crash due to the access of illegal memory when loading certain webpage (CVE-2020-15637). |
Mat Powell of Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Heap Buffer Overflow Remote Code Execution vulnerability and crash. This occurs due to the application fails to execute a fault-tolerance mechanism when processing the dirty data in the image resources (CVE-2020-12248). |
Steven Seeley of Qihoo 360 Vulcan Team |
Addressed a potential issue where the application could be exposed to Type Confusion Remote Code Execution vulnerability and crash due to the access of array whose length is larger than its initial length (CVE-2020-15638). |
Rene Freingruber (@ReneFreingruber) and Patrick Wollgast working with Trend Micro Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: May 6, 2020
Platform: macOS
Summary
Foxit has released Foxit PhantomPDF Mac and Foxit Reader Mac 4.0, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PhantomPDF Mac |
3.4.0.1012 and earlier |
macOS |
Foxit Reader Mac |
3.4.0.1012 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Signature Validation Bypass vulnerability and deliver incorrect validation result when validating certain PDF file that is modified maliciously or contains non-standard signatures (CVE-2020-9592/CVE-2020-9596). |
Christian Mainka, Vladislav Mladenov, Simon Rohlmann, Jorg Schwenk |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: April 16, 2020
Platform: Windows
Summary
Foxit has released Foxit Reader 9.7.2 and Foxit PhantomPDF 9.7.2, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit Reader |
9.7.1.29511 and earlier |
Windows |
Foxit PhantomPDF |
9.7.1.29511 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Type Confusion or Arbitrary File Write Remote Code Execution vulnerability and crash. This occurs during the handling of app.opencPDFWebPage JavaScript due to the lack of proper validation of parameters in socket message (ZDI-CAN-9828/ZDI-CAN-9829/ZDI-CAN-9830/ZDI-CAN-9831/ZDI-CAN-9865/ZDI-CAN-9942/ZDI-CAN-9943/ZDI-CAN-9944/ZDI-CAN-9945/ZDI-CAN-9946) |
Anonymous working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Information Disclosure vulnerability if users were using the DocuSign plugin. This occurs because the username and password are hardcoded in the DocuSign plugin during an HTTP request. |
David Cook |
Addressed a potential issue where the application could be exposed to Brute-force Attack vulnerability as the CAS service did not limit the times of user login failures. |
Hassan Personal |
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when processing certain XFA template or AcroForm due to the use of objects which had been freed (ZDI-CAN-10132/ZDI-CAN-10142/ZDI-CAN-10614/ZDI-CAN-10650). |
hungtt28 of Viettel Cyber Security working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when working with certain malicious PDF file. This occurs as the application continues to execute JavaScript to open a document without proper validation after the page is deleted or the document is closed. |
J. Müller, D. Noss, C. Mainka, V. Mladenov, J. Schwenk |
Addressed potential issues where the application could be exposed to Circular Reference vulnerability and got stuck in a dead loop when working with certain PDF file. This occurs due to the lack of a circular reference verification mechanism when processing actions that contain circular reference. |
J. Müller, D. Noss, C. Mainka, V. Mladenov, J. Schwenk |
Addressed a potential issue where the application could be exposed to Infinite Loop or Out-of-Memory vulnerability and crash when parsing certain PDF file that contains irregular data in cross-reference stream or lengthy character strings in the content stream. |
J. Müller, D. Noss, C. Mainka, V. Mladenov, J. Schwenk |
Addressed a potential issue where the application could be exposed to Signature Validation Bypass vulnerability and deliver incorrect validation result when validating certain PDF file that is modified maliciously or contains non-standard signatures (CVE-2020-9592/CVE-2020-9596). |
Christian Mainka, Vladislav Mladenov, Simon Rohlmann, Jorg Schwenk |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: April 16, 2020
Platform: Windows
Summary
Foxit has released 3D Plugin Beta 9.7.2.29539 for Foxit Reader and PhantomPDF, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
3D Plugin Beta |
9.7.1.29511 and earlier |
Windows |
Solution
Update the 3D Plugin Beta to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write or Heap-based Buffer Overflow vulnerability if users were using 3D Plugin Beta, which could be exploited by attackers to disclose information or execute remote codes. This occurs due to the lack of proper validation of data when parsing certain file with incorrect 3D annotation data (ZDI-CAN-10189/ZDI-CAN-10190/ZDI-CAN-10191/ZDI-CAN-10192/ZDI-CAN-10193/ZDI-CAN-10195/ZDI-CAN-10461/ZDI-CAN-10462/ZDI-CAN-10463/ZDI-CAN-10464/ZDI-CAN-10568). |
Mat Powell of Trend Micro Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: January 16, 2020
Platform: Windows
Summary
Foxit has released Foxit Reader 9.7.1 and Foxit PhantomPDF 9.7.1, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit Reader |
9.7.0.29478 and earlier |
Windows |
Foxit PhantomPDF |
9.7.0.29455 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Integer Overflow or Out-of-Bounds Write/Read Remote Code Execution or Information Disclosure vulnerability and crash when parsing certain JPEG/JPG2000 images or JP2 streams inside PDF files. This is caused by memory allocation mistake or overflow which results in memory access violation (ZDI-CAN-9102/ZDI-CAN-9606/ZDI-CAN-9407/ZDI-CAN-9413/ZDI-CAN-9414/ZDI-CAN-9415/ZDI-CAN-9406/ZDI-CAN-9416). |
Natnael Samson (@NattiSamson) working with Trend Micro Zero Day Initiative |
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability when handling watermarks, AcroForm objects, text field or JavaScript field objects in PDF files due to the use of objects after it had been freed without proper validation (ZDI-CAN-9358/ZDI-CAN-9640/ZDI-CAN-9400/CVE-2019-5126/CVE-2019-5131/CVE-2019-5130/CVE-2019-5145/ZDI-CAN-9862). |
mrpowell of Trend Micro Zero Day Initiative |
Addressed potential issues where the application could be exposed to Out-of-Bounds Write or Use-After-Free Remote Code Execution vulnerability and crash when converting HTML files to PDFs due to memory access violation during the loading and rendering of webpages (ZDI-CAN-9591/ZDI-CAN-9560). |
rgod of 9sg working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Use-After-Free vulnerability due to the use of uninitialized pointer without proper validation when processing certain documents whose dictionary was missing. |
rwxcode of nsfocus security team |
Addressed a potential issue where the application could be exposed to Stack Overflow vulnerability and crash due to looped indirect object reference. |
Michael Heinzl |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: November 5, 2019
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 8.3.12, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PhantomPDF |
8.3.11.45106 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Remote Code Execution vulnerability and crash due to the unexpected error or out-of-memory in V8 Engine when executing certain JavaScript (CVE-2019-5031/CVE-2019-13123/CVE-2019-13124/ZDI-CAN-8692). |
Aleksandar Nikolic of Cisco Talos |
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability when deleting Field with the nested scripts (ZDI-CAN-8864/ZDI-CAN-8888/ZDI-CAN-8913/ZDI-CAN-9044/ZDI-CAN-9081). |
Anonymous working with Trend Micro Zero Day Initiative |
Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerability and crash when parsing TIFF files as the application failed to set decoding information for images properly (ZDI-CAN-8695/ZDI-CAN-8742). |
Zak Rogness working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Remote Code Execution vulnerability when converting JPG file to PDF due to array access violation (ZDI-CAN-8838). |
Natnael Samson (@NattiSamson) working with Trend Micro Zero Day Initiative |
Addressed potential issues where the application could be exposed to Denial of Service vulnerability and crash due to the dereference of null pointer. |
ADLab of Venustech |
Addressed potential issues where the application could crash when parsing certain files. This occurs because the application creates data for each page in application level, which causes the memory of application reach to the maximum. |
ADLab of Venustech |
Addressed a potential issue where the application could be exposed to Stack Exhaustion vulnerability and crash due to the nested calling of functions when parsing XML files. |
ADLab of Venustech |
Addressed potential issues where the application could crash when parsing certain file data due to the access of null pointer without proper validation. |
ADLab of Venustech |
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash due to the access of objects which has been deleted or released (ZDI-CAN-9091/ZDI-CAN-9149). |
RockStar working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Access Violation vulnerability and crash when it was launched on the condition that there was no enough memory in the current system (CVE-2019-17183). |
K.K.Senthil Velan of Zacco Cybersecurity Research Labs |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: October 16, 2019 (Foxit PhantomPDF 9.7) / September 29, 2019 (Foxit Reader 9.7)
Platform: Window s
Summary
Foxit has released Foxit Reader 9.7 and Foxit PhantomPDF 9.7, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit Reader |
9.6.0.25114 and earlier |
Windows |
Foxit PhantomPDF |
9.6.0.25114 and all previous 9.x versions, 8.3.11.45106 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Remote Code Execution vulnerability and crash due to the unexpected error or out-of-memory in V8 Engine when executing certain JavaScript (CVE-2019-5031/CVE-2019-13123/CVE-2019-13124/ZDI-CAN-8692). |
Aleksandar Nikolic of Cisco Talos |
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability when deleting Field with the nested scripts (ZDI-CAN-8864/ZDI-CAN-8888/ZDI-CAN-8913/ZDI-CAN-9044/ZDI-CAN-9081). |
Anonymous working with Trend Micro Zero Day Initiative |
Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerability and crash when parsing TIFF files as the application failed to set decoding information for images properly (ZDI-CAN-8695/ZDI-CAN-8742). |
Zak Rogness working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Remote Code Execution vulnerability when converting JPG file to PDF due to array access violation (ZDI-CAN-8838). |
Natnael Samson (@NattiSamson) working with Trend Micro Zero Day Initiative |
Addressed potential issues where the application could be exposed to Denial of Service vulnerability and crash due to the dereference of null pointer. |
ADLab of Venustech |
Addressed potential issues where the application could crash when parsing certain files. This occurs because the application creates data for each page in application level, which causes the memory of application reach to the maximum. |
ADLab of Venustech |
Addressed a potential issue where the application could be exposed to Stack Exhaustion vulnerability and crash due to the nested calling of functions when parsing XML files. |
ADLab of Venustech |
Addressed potential issues where the application could crash when parsing certain file data due to the access of null pointer without proper validation. |
ADLab of Venustech |
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash due to the access of objects which has been deleted or released (ZDI-CAN-9091/ZDI-CAN-9149). |
RockStar working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Access Violation vulnerability and crash when it was launched on the condition that there was no enough memory in the current system (CVE-2019-17183). |
K.K.Senthil Velan of Zacco Cybersecurity Research Labs |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: October 15, 2019
Platform: macOS
Summary
Foxit has released Foxit PhantomPDF Mac 3.4, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PhantomPDF Mac |
3.3.0.0709 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Denial of Service vulnerability and crash due to the dereference of null pointer. |
Wenchao Li of VARAS@IIE |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: September 29, 2019
Platform: Windows
Summary
Foxit has released 3D Plugin Beta 9.7.0.29430 for Foxit Reader and PhantomPDF, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
3D Plugin Beta |
9.6.0.25108 and earlier |
Windows |
Solution
Update the 3D Plugin Beta to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write and Null Pointer Dereference vulnerability if users were using 3D Plugin Beta. This occurs due to the lack of proper validation of incorrect image data when parsing certain files with incorrect image information. |
ADLab of Venustech |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: August 15, 2019
Platform: Windows
Summary
Foxit has released the upgrade package for Foxit Reader (EXE package) 9.6, which addresses a potential security and stability issue.
Affected versions
Product |
Affected versions |
Platform |
Upgrade package for Foxit Reader (EXE package) |
9.6.0.25114 |
Windows |
Solution
Users who update Foxit Reader to the latest version after August 15, 2019 will not be affected. If you have enabled the Safe Reading Mode in the older version and updated Foxit Reader to Version 9.6.0.25114 before August 15, 2019, please go to File > Preferences > Trust Manager to check and enable the Safe Reading Mode.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the Safe Reading Mode could be disabled when users updating Foxit Reader from within the application, which could be exploited by attackers to execute unauthorized action or data transmission. This occurs because the registry configuration is deleted and not applied during update. |
Haifei Li of McAfee |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: July 19, 2019
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 8.3.11, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PhantomPDF |
8.3.10.42705 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could crash when calling xfa.event.rest XFA JavaScript due to the access of wild pointer. |
Hui Gao of Palo Alto Networks |
Addressed potential issues where the application could crash when calling certain XFA JavaScript due to the use or access of null pointer without proper validation on the object. |
Hui Gao of Palo Alto Networks |
Addressed a potential issue where the application could crash due to array access violation during XFA layout. This occurs because the original node object contains one more contentArea object than that in XFA layout, which exceed the array size during traversal. |
Hui Gao of Palo Alto Networks |
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability when processing AcroForms. This occurs because additional event is triggered to delete ListBox and ComboBox Field when trying to delete the items in ListBox and ComboBox Field by calling deleteItemAt method (ZDI-CAN-8295). |
Anonymous working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Stack Buffer Overrun vulnerability and crash. This occurs because the maximum length in For loop is not updated correspondingly when all the Field APs are updated after executing Field related JavaScript. |
xen1thLabs |
Addressed a potential issue where the application could crash due to the repeated release of signature dictionary during CSG_SignatureF and CPDF_Document destruction. |
Qi Deng, Taojie Wang, Zhaoyan Xu, Vijay Prakash, Hui Gao of Palo Alto Networks |
Addressed a potential issue where the application could crash due to the lack of proper validation of the existence of an object prior to performing operations on the object when executing JavaScript. |
Hui Gao of Palo Alto Networks |
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability. This occurs because Field object is deleted during parameter calculation when setting certain attributes in Field object using JavaScript (ZDI-CAN-8491/ZDI-CAN-8801/ZDI-CAN-8656/ZDI-CAN-8757/ZDI-CAN-8759/ZDI-CAN-8814). |
banananapenguin working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could crash when calling clone function due to the endless loop resulted from the confused relationships between the child and parent object caused by append error. |
Qi Deng, Taojie Wang, Zhaoyan Xu, Vijay Prakash, Hui Gao of Palo Alto Networks |
Addressed a potential issue where the application could be exposed to Null Pointer Dereference vulnerability and crash when parsing certain Epub file. This occurs because a null string is written to FXSYS_wcslen which does not support null strings. |
ADLab of Venustech |
Addressed potential issues where the application could be exposed the Use-After-Free Remote Code Execution vulnerability and crash due to the use of Field objects or control after they have been deleted or released (ZDI-CAN-8669). |
Xinru Chi of Pangu Lab |
Addressed a potential issue where the application could be exposed to Information Disclosure vulnerability when calling util.printf JavaScript as the actual memory address of any variable available to the JavaScript can be extracted (ZDI-CAN-8544). |
banananapenguin working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed Out-of-Bounds Write vulnerability when users use the application in Internet Explorer because the input argument exceed the array length. |
@j00sean |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: July 15, 2019
Platform: macOS
Summary
Foxit has released Foxit PhantomPDF Mac 3.3 and Foxit Reader Mac 3.3, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PhantomPDF Mac |
3.2.0.0404 and earlier |
macOS |
Foxit Reader Mac |
3.2.0.0404 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash due to the use of null pointer without proper validation. |
Xinru Chi of Pangu Lab |
Addressed a potential issue where the application could be exposed to Stack Overflow vulnerability due to the mutual reference between ICCBased color space and Alternate color space. |
Xinru Chi of Pangu Lab |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: July 4, 2019
Platform: Windows
Summary
Foxit has released Foxit Reader 9.6 and Foxit PhantomPDF 9.6, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit Reader |
9.5.0.20723 and earlier |
Windows |
Foxit PhantomPDF |
9.5.0.20723 and all previous 9.x versions, 8.3.10.42705 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could crash when calling xfa.event.rest XFA JavaScript due to the access of wild pointer. |
Hui Gao of Palo Alto Networks |
Addressed potential issues where the application could crash when calling certain XFA JavaScript due to the use or access of null pointer without proper validation on the object. |
Hui Gao of Palo Alto Networks |
Addressed a potential issue where the application could crash due to array access violation during XFA layout. This occurs because the original node object contains one more contentArea object than that in XFA layout, which exceed the array size during traversal. |
Hui Gao of Palo Alto Networks |
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability when processing AcroForms. This occurs because additional event is triggered to delete ListBox and ComboBox Field when trying to delete the items in ListBox and ComboBox Field by calling deleteItemAt method (ZDI-CAN-8295). |
Anonymous working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Stack Buffer Overrun vulnerability and crash. This occurs because the maximum length in For loop is not updated correspondingly when all the Field APs are updated after executing Field related JavaScript. |
xen1thLabs |
Addressed a potential issue where the application could crash due to the repeated release of signature dictionary during CSG_SignatureF and CPDF_Document destruction. |
Qi Deng, Taojie Wang, Zhaoyan Xu, Vijay Prakash, Hui Gao of Palo Alto Networks |
Addressed a potential issue where the application could crash due to the lack of proper validation of the existence of an object prior to performing operations on the object when executing JavaScript. |
Hui Gao of Palo Alto Networks |
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability. This occurs because Field object is deleted during parameter calculation when setting certain attributes in Field object using JavaScript (ZDI-CAN-8491/ZDI-CAN-8801/ZDI-CAN-8656/ZDI-CAN-8757/ZDI-CAN-8759/ZDI-CAN-8814). |
banananapenguin working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could crash when calling clone function due to the endless loop resulted from the confused relationships between the child and parent object caused by append error. |
Qi Deng, Taojie Wang, Zhaoyan Xu, Vijay Prakash, Hui Gao of Palo Alto Networks |
Addressed a potential issue where the application could be exposed to Null Pointer Dereference vulnerability and crash when parsing certain Epub file. This occurs because a null string is written to FXSYS_wcslen which does not support null strings. |
ADLab of Venustech |
Addressed potential issues where the application could be exposed the Use-After-Free Remote Code Execution vulnerability and crash due to the use of Field objects or control after they have been deleted or released (ZDI-CAN-8669). |
Xinru Chi of Pangu Lab |
Addressed a potential issue where the application could be exposed to Information Disclosure vulnerability when calling util.printf JavaScript as the actual memory address of any variable available to the JavaScript can be extracted (ZDI-CAN-8544). |
banananapenguin working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed Out-of-Bounds Write vulnerability when users use the application in Internet Explorer because the input argument exceed the array length. |
@j00sean |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: May 28, 2019
Platform: Windows
Summary
Foxit has released 3D Plugin Beta 9.5.0.20733 for Foxit Reader and PhantomPDF, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
3D Plugin Beta |
9.5.0.20723 and earlier |
Windows |
Solution
Update the 3D Plugin Beta to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could crash if users were using 3D Plugin Beta. This occurs due to the lack of proper validation of void data when parsing and rendering certain files with lost or corrupted data (CNVD-C-2019-41438). |
Wei Lei from STAR Labs |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: April 18, 2019
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 8.3.10, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PhantomPDF |
8.3.9.41099 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Race Condition vulnerability when calling the proxyCPDFAction, proxyCheckLicence, proxyDoAction, proxyGetAppEdition, or proxyPreviewAction function with a large integer or long string, which could trigger a stack buffer overflow or out-of-bounds read. Attackers could leverage the vulnerability to execute arbitrary code or disclose information (CVE-2018-20309/CVE-2018-20310/ CVE-2018-20311/CVE-2018-20312/CVE-2018-20313/ CVE-2018-20314/ CVE-2018-20315/ CVE-2018-20316). |
Steven Seeley (mr_me) of Source Incite |
Addressed a potential issue where the application could be exposed to Directory Traversal vulnerability, which could lead to remote code execution. This occurs because the application mistakenly allows users to invoke certain JavaScript that is used for cPDF plugin only from the console to write local files (ZDI-CAN-7407). |
Steven Seeley (mr_me) of Source Incite working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Integer Overflow vulnerability and crash due to the lack of proper validation of user-supplied data when handling XFA Stuff method. Attackers could exploit this vulnerability to disclose information (ZDI-CAN-7561). |
Anonymous working with Trend Micro Zero Day Initiative |
Addressed potential issues where the application could be exposed to Out-of-Bounds Read or Use-After-Free vulnerability and crash when converting HTML files to PDFs, which could be leveraged by attackers to disclose information or execute remote code. This occurs due to the failure in loop termination, release of the memory which has been released before, or abnormal logic processing (ZDI-CAN-7620/ZDI-CAN-7844/ZDI-CAN-8170). |
T3rmin4t0r working with Trend Micro Zero Day Initiative |
Addressed potential issues where the application could be exposed to Out-of-Bounds Write Remote Code Execution vulnerability and crash due to the data written in “bmp_ptr->out_row_buffer” or “_JP2_Wavelet_Synthesis_Horizontal_Long” exceeds the maximum allocated when converting PDFs. (ZDI-CAN-7613/ZDI-CAN-7614/ZDI-CAN-7701). |
Hao Li from ADLab of VenusTech working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Heap Corruption vulnerability due to the data desynchrony when adding AcroForm. |
Hui Gao and Zhaoyan Xu of Palo Alto Networks |
Addressed a potential issue where the application could be exposed to Use-After-Free Information Disclosure vulnerability and crash due to the multiple release of net::IOBufferWithSize pointer. (ZDI-CAN-7769). |
Mat Powell of Trend Micro Zero Day Initiative |
Addressed potential issues where the application could be exposed to Use-After-Free or Out-of-Bounds Write Remote Code Execution vulnerability and crash. This occurs due to the release of wild pointer because the Resolution memory is not allocated accordingly when the ucLevel value is changed (ZDI-CAN-7696/ZDI-CAN-7694). |
Hao Li from ADLab of VenusTech working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Memory Corruption vulnerability due to the use of invalid pointer copy resulting from destructed string object. |
Hui Gao and Zhaoyan Xu of Palo Alto Networks |
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability because it did not set the document pointer as null after deleting it by invoking XFA API (ZDI-CAN-7777). |
juggernaut working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to IDN Homograph Attach vulnerability when a user clicked a fake link to open illegal address. |
Dr. Alfonso Muñoz (@mindcrypt) - Global Technical Cybersecurity Lead & Head of cybersecurity lab |
Addressed a potential issue where the application could be exposed to Cloud Drive Connection vulnerability which could allow users to freely gain access to documents on Google Drive from within the application even though it has been logged out. |
JS |
Addressed a potential issue where the application could be exposed to ISA Exploit Signature Validation Bypass vulnerability and deliver incorrect validation result when validating certain PDF file that is modified maliciously or contains non-standard signatures. |
Vladislav Mladenov, Christian Mainka, Martin Grothe and Jörg Schwenk of the Ruhr-Universität Bochum and Karsten Meyer zu Selhausen of Hackmanit GmbH |
Addressed a potential issue where the application could be exposed to JavaScript Denial of Service vulnerability when deleting pages in a document that contains only one page by calling t.hidden = true function. |
Paolo Arnolfo (@sw33tLie) |
Addressed potential issues where the application could be exposed to Null Pointer Reference vulnerability and crash when getting PDF object from document or parsing certain portfolio that contain null dictionary. |
Xie Haikuo from Baidu Security Lab |
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability when embedding PDFs with invalid URL by calling put_src interface from Foxit Browser plugin in Microsoft Word. This occurs due to the use of illegal IBindStatusCallback object which has been freed (ZDI-CAN-7874). |
@j00sean working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write Remote Code Execution vulnerability and crash. This occurs due to the use of discrepant widget object which is transformed from invalid node appended (ZDI-CAN-7972). |
hungtt28 of Viettel Cyber Security working with Trend Micro Zero Day Initiative |
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution or Information Disclosure vulnerability when deleting Field with the nested scripts (ZDI-CAN-8162/ZDI-CAN-8163/ZDI-CAN-8164/ZDI-CAN-8165/ZDI-CAN-8229/ZDI-CAN-8230/ZDI-CAN-8231/ZDI-CAN-8272). |
hemidallt working with Trend Micro Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: April 16, 2019
Platform: Windows
Summary
Foxit has released Foxit Reader 9.5 and Foxit PhantomPDF 9.5, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit Reader |
9.4.1.16828 and earlier |
Windows |
Foxit PhantomPDF |
9.4.1.16828 and all previous 9.x versions, 8.3.9.41099 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Race Condition vulnerability when calling the proxyCPDFAction, proxyCheckLicence, proxyDoAction, proxyGetAppEdition, or proxyPreviewAction function with a large integer or long string, which could trigger a stack buffer overflow or out-of-bounds read. Attackers could leverage the vulnerability to execute arbitrary code or disclose information (CVE-2018-20309/CVE-2018-20310/ CVE-2018-20311/CVE-2018-20312/CVE-2018-20313/ CVE-2018-20314/ CVE-2018-20315/ CVE-2018-20316). |
Steven Seeley (mr_me) of Source Incite |
Addressed a potential issue where the application could be exposed to Directory Traversal vulnerability, which could lead to remote code execution. This occurs because the application mistakenly allows users to invoke certain JavaScript that is used for cPDF plugin only from the console to write local files (ZDI-CAN-7407). |
Steven Seeley (mr_me) of Source Incite working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Integer Overflow vulnerability and crash due to the lack of proper validation of user-supplied data when handling XFA Stuff method. Attackers could exploit this vulnerability to disclose information (ZDI-CAN-7561). |
Anonymous working with Trend Micro Zero Day Initiative |
Addressed potential issues where the application could be exposed to Out-of-Bounds Read or Use-After-Free vulnerability and crash when converting HTML files to PDFs, which could be leveraged by attackers to disclose information or execute remote code. This occurs due to the failure in loop termination, release of the memory which has been released before, or abnormal logic processing (ZDI-CAN-7620/ZDI-CAN-7844/ZDI-CAN-8170). |
T3rmin4t0r working with Trend Micro Zero Day Initiative |
Addressed potential issues where the application could be exposed to Out-of-Bounds Write Remote Code Execution vulnerability and crash due to the data written in “bmp_ptr->out_row_buffer” or “_JP2_Wavelet_Synthesis_Horizontal_Long” exceeds the maximum allocated when converting PDFs. (ZDI-CAN-7613/ZDI-CAN-7614/ZDI-CAN-7701). |
Hao Li from ADLab of VenusTech working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Heap Corruption vulnerability due to the data desynchrony when adding AcroForm. |
Hui Gao and Zhaoyan Xu of Palo Alto Networks |
Addressed a potential issue where the application could be exposed to Use-After-Free Information Disclosure vulnerability and crash due to the multiple release of net::IOBufferWithSize pointer. (ZDI-CAN-7769). |
Mat Powell of Trend Micro Zero Day Initiative |
Addressed potential issues where the application could be exposed to Use-After-Free or Out-of-Bounds Write Remote Code Execution vulnerability and crash. This occurs due to the release of wild pointer because the Resolution memory is not allocated accordingly when the ucLevel value is changed (ZDI-CAN-7696/ZDI-CAN-7694). |
Hao Li from ADLab of VenusTech working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Memory Corruption vulnerability due to the use of invalid pointer copy resulting from destructed string object. |
Hui Gao and Zhaoyan Xu of Palo Alto Networks |
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability because it did not set the document pointer as null after deleting it by invoking XFA API (ZDI-CAN-7777). |
juggernaut working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to IDN Homograph Attach vulnerability when a user clicked a fake link to open illegal address. |
Dr. Alfonso Muñoz (@mindcrypt) - Global Technical Cybersecurity Lead & Head of cybersecurity lab |
Addressed a potential issue where the application could be exposed to Cloud Drive Connection vulnerability which could allow users to freely gain access to documents on Google Drive from within the application even though it has been logged out. |
JS |
Addressed a potential issue where the application could be exposed to ISA Exploit Signature Validation Bypass vulnerability and deliver incorrect validation result when validating certain PDF file that is modified maliciously or contains non-standard signatures. |
Vladislav Mladenov, Christian Mainka, Martin Grothe and Jörg Schwenk of the Ruhr-Universität Bochum and Karsten Meyer zu Selhausen of Hackmanit GmbH |
Addressed a potential issue where the application could be exposed to JavaScript Denial of Service vulnerability when deleting pages in a document that contains only one page by calling t.hidden = true function. |
Paolo Arnolfo (@sw33tLie) |
Addressed potential issues where the application could be exposed to Null Pointer Reference vulnerability and crash when getting PDF object from document or parsing certain portfolio that contain null dictionary. |
Xie Haikuo from Baidu Security Lab |
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability when embedding PDFs with invalid URL by calling put_src interface from Foxit Browser plugin in Microsoft Word. This occurs due to the use of illegal IBindStatusCallback object which has been freed (ZDI-CAN-7874). |
@j00sean working with Trend Micro Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write Remote Code Execution vulnerability and crash. This occurs due to the use of discrepant widget object which is transformed from invalid node appended (ZDI-CAN-7972). |
hungtt28 of Viettel Cyber Security working with Trend Micro Zero Day Initiative |
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution or Information Disclosure vulnerability when deleting Field with the nested scripts (ZDI-CAN-8162/ZDI-CAN-8163/ZDI-CAN-8164/ZDI-CAN-8165/ZDI-CAN-8229/ZDI-CAN-8230/ZDI-CAN-8231/ZDI-CAN-8272). |
hemidallt working with Trend Micro Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: April 10, 2019
Platform: macOS
Summary
Foxit has released Foxit Reader Mac 3.2, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit Reader Mac |
3.1.0.0111 |
macOS |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Local Privilege Escalation vulnerability due to incorrect permission setting. Attackers could exploit this vulnerability to escalate his privileges by modifying the dynamic libraries in the PlugIns directory to execute arbitrary application. |
Antonio Zekić of INFIGO IS d.o.o. |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: January 15, 2019
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 8.3.9, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PhantomPDF |
8.3.8.39677 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read/Write vulnerability and crash when handling certain XFA element attributes. This occurs due to the failure in calculating null-terminated character string as the string does not end up with null character correctly (CVE-2018-3956). |
Aleksandar Nikolic of Cisco Talos |
Addressed potential issues where the application could be exposed to Signature Validation Bypass vulnerability and deliver incorrect validation result when validating certain PDF file that is modified maliciously or contains non-standard signatures (CVE-2018-18688/CVE-2018-18689). |
Vladislav Mladenov, Christian Mainka, Karsten Meyer zu Selhausen, Martin Grothe, Jorg Schwenk of the Ruhr-Universität Bochum |
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution or Information Disclosure vulnerability due to the use of page or pointer which has been closed or freed (ZDI-CAN-7347/ZDI-CAN-7452/ZDI-CAN-7601). |
Sebastian Apelt (@bitshifter123) working with Trend Micro's Zero Day Initiative |
Addressed potential issues where the application could be exposed to Out-of-Bounds Read Information Disclosure or Remote Code Execution vulnerability and crash when parsing certain PDF files. This occurs due to array access violation in the color space and channel or lack of proper validation of illegal palette data in the color space of the image object (ZDI-CAN-7353/ZDI-CAN-7423). |
Sebastian Feldmann from GoSecure working with Trend Micro's Zero Day Initiative |
Addressed potential issues where the application could be exposed to Denial of Service vulnerability and crash when handling certain images. This occurs because the application writes a 2-byte data to the end of the allocated memory without judging whether it will cause corruption. |
Asprose of Chengdu University of Information Technology |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash due to the access of null pointer when reading the TIFF data during TIFF parsing. |
Asprose of Chengdu University of Information Technology |
Addressed potential issues where the application could crash due to the lack of dereference of null pointer during PDF parsing. |
Asprose of Chengdu University of Information Technology |
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when executing certain JavaScript. This occurs due to the use of document and its auxiliary objects which have been closed after calling closeDoc function (ZDI-CAN-7368). |
Anonymous working with Trend Micro's Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Remote Code Execution vulnerability when converting HTML to PDF. This occurs due to the use of pointer which has been freed (ZDI-CAN-7369). |
Anonymous working with Trend Micro's Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability caused by the abnormality in V8 engine resulting from the parsing of non-standard parameters (ZDI-CAN-7453). |
Anonymous working with Trend Micro's Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability due to the inconsistent row numbers resulting from inconsistent character width during control text formatting (ZDI-CAN-7576). |
Anonymous working with Trend Micro's Zero Day Initiative |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash. This occurs when executing certain XFA functions in crafted PDF files since the application could transform CXFA_Object to CXFA_Node without judging the data type and use the discrepant CXFA_Node directly (ZDI-CAN-7355). |
Anonymous working with Trend Micro's Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: January 8, 2019
Platform: Windows
Summary
Foxit has released Foxit PDF ActiveX 5.5.1, which addresses potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit PDF ActiveX |
5.5.0 and earlier |
Windows |
Solution
Update the Foxit PDF ActiveX to the latest versions by clicking here to download the latest package from our website.
Vulnerability details
Brief |
Acknowledgement |
Addressed potential issues where the application could be exposed to Command Injection Remote Code Execution Vulnerability. This occurs due to ActiveX not having a security permission control, which may allow JavaScript, LauchURL actions and Links to execute binary files/programs without prompting user for consent. (CVE-2018-19418/CVE-2018-19445/CVE-2018-19450/ CVE-2018-19451). |
Steven Seeley (mr_me) of Source Incite |
Addressed potential issues where the application could be exposed to Illegally Write Remote Code Execution Vulnerability. This occurs due to ActiveX not having a security permission control, which may allow JavaScript and exportAsFDF to write any type of files to any location without the user's consent (CVE-2018-19446/ CVE-2018-19449). |
Steven Seeley (mr_me) of Source Incite |
Addressed a potential issue where the application could be exposed to string1 URI Parsing Stack Based Buffer Overflow Remote Code Execution Vulnerability. This occurs due to lack of a maximum length limit for the URL where a long URL string will cause stack overflow when parsing (CVE-2018-19447). |
Steven Seeley (mr_me) of Source Incite |
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution Vulnerability. This occurs when a javascript command is triggered by a mouse enter action or a focus lost which deletes the current annotation, and causes it to reference the released memory (CVE-2018-19452/ CVE-2018-19444). |
Steven Seeley (mr_me) of Source Incite |
Addressed a potential issue where the application could be exposed to Uninitialized Object Remote Code Execution Vulnerability. This occurs due to the fact that the timer does not end when the form loses focus, which causes subsequent code to reference uninitialized objects (CVE-2018-19448). |
Steven Seeley (mr_me) of Source Incite |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: January 3, 2019
Platform: Windows
Summary
Foxit has released Foxit Reader 9.4 and Foxit PhantomPDF 9.4, which address potential security and stability issues.
Affected versions
Product |
Affected versions |
Platform |
Foxit Reader |
9.3.0.10826 and earlier |
Windows |
Foxit PhantomPDF |
9.3.0.10826 and all previous 9.x versions, 8.3.8.39677 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
Brief |
Acknowledgement |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read/Write vulnerability and crash when handling certain XFA element attributes. This occurs due to the failure in calculating null-terminated character string as the string does not end up with null character correctly (CVE-2018-3956). |
Aleksandar Nikolic of Cisco Talos |
Addressed potential issues where the application could be exposed to Signature Validation Bypass vulnerability and deliver incorrect validation result when validating certain PDF file that is modified maliciously or contains non-standard signatures (CVE-2018-18688/CVE-2018-18689). |
Vladislav Mladenov, Christian Mainka, Karsten Meyer zu Selhausen, Martin Grothe, Jorg Schwenk of the Ruhr-Universität Bochum |
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution or Information Disclosure vulnerability due to the use of page or pointer which has been closed or freed (ZDI-CAN-7347/ZDI-CAN-7452/ZDI-CAN-7601). |
Sebastian Apelt (@bitshifter123) working with Trend Micro's Zero Day Initiative |
Addressed potential issues where the application could be exposed to Out-of-Bounds Read Information Disclosure or Remote Code Execution vulnerability and crash when parsing certain PDF files. This occurs due to array access violation in the color space and channel or lack of proper validation of illegal palette data in the color space of the image object (ZDI-CAN-7353/ZDI-CAN-7423). |
Sebastian Feldmann from GoSecure working with Trend Micro's Zero Day Initiative |
Addressed potential issues where the application could be exposed to Denial of Service vulnerability and crash when handling certain images. This occurs because the application writes a 2-byte data to the end of the allocated memory without judging whether it will cause corruption. |
Asprose of Chengdu University of Information Technology |
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash due to the access of null pointer when reading the TIFF data during TIFF parsing. |
Asprose of Chengdu University of Information Technology |
Addressed potential issues where the application could crash due to the lack of dereference of null pointer during PDF parsing. |
Asprose of Chengdu University of Information Technology |
Addressed a potential issue where the application could be exposed to Use-After |