A prompt response to software defects and security vulnerabilities has been, and will continue to be, a top priority for everyone here at Foxit Software. Even though threats are a fact of life, we are proud to support the most robust PDF solutions on the market. Here is information on some enhancements that make our software even more robust.
Please click here to report a potential security vulnerability.
Please click here to check security advisories.
Get notified of Foxit PDF Editor releases and security bulletins
Release date: August 26, 2021
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 10.1.5, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PhantomPDF |
10.1.4.37651 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write or Null Pointer Dereference vulnerability and crash when parsing certain PDF files. This occurs due to the access violation in the array subscript when storing the offset value for the indirect object because the array size created based on the /Size entry whose value is smaller than the actual maximum indirect object number is not enough to accommodate the data. |
xina1i |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash when processing certain arguments. This occurs due to the access of illegal memory as the application fails to restrict the access to an array outside its bounds when calling the util.scand function. |
Xinyu Wan, Yiwei Zhang and Wei You from Renmin University of China |
|
Addressed potential issues where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when handling certain Javascripts or annotation objects. This occurs due to the use or access of memory, pointer, or object that has been freed without proper validation (CVE-2021-21831, CVE-2021-21870, CVE-2021-34831, CVE-2021-34832, CVE-2021-34847). |
Aleksandar Nikolic of Cisco Talos |
|
Addressed a potential issue where the application could be exposed to Arbitrary File Write vulnerability when executing the submitForm function. Attackers could exploit this vulnerability to create arbitrary files in the local system and inject the uncontrolled contents. |
Hou JingYi (@hjy79425575) |
|
Addressed potential issues where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when handling the annotation objects in certain PDF files if the same Annotation dictionary is referenced in the page structures for different pages. This occurs as multiple annotation objects are associated to the same Annotation dictionary (CVE-2021-34852, CVE-2021-34834, CVE-2021-34835, CVE-2021-34851, CVE-2021-34836, CVE-2021-34837, CVE-2021-34838, CVE-2021-34839, CVE-2021-34840, CVE-2021-34841, CVE-2021-34833, CVE-2021-34842, CVE-2021-34843, CVE-2021-34844, CVE-2021-34845, CVE-2021-34853). |
Xu Peng from UCAS and Wang Yanhao from QiAnXin
Technology Research Institute working with
Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Use-after-Free vulnerability and crash when handling certain events of form elements. This occurs due to the use of Field object that has been cleaned up after executing events using the event.target property (CVE-2021-21893). |
Aleksandar Nikolic of Cisco Talos |
|
Addressed a potential issue where the application could be exposed to Stack Overflow vulnerability and crash when parsing XML data with too many embedded nodes. This occurs as the recursion level exceeds the maximum recursion depth when parsing XML nodes using recursion. |
Milan Kyselica |
|
Addressed a potential issue where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when traversing bookmark nodes in certain PDF files. This occurs due to stack overflow caused by the infinite loop as the application fails to handle the loop condition correctly (CVE-2021-34846). |
ZhangJiaxing(@r0fm1a) from Codesafe Team of Legendsec at Qi'anxin Group working with Trend Micro Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: July 27, 2021
Platform: Windows
Summary
Foxit has released Foxit PDF Reader 11.0.1 and Foxit PDF Editor 11.0.1, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PDF Reader (previously named Foxit Reader) |
11.0.0.49893 and earlier |
Windows |
|
Foxit PDF Editor (previously named Foxit PhantomPDF) |
11.0.0.49893, 10.1.4.37651 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write or Null Pointer Dereference vulnerability and crash when parsing certain PDF files. This occurs due to the access violation in the array subscript when storing the offset value for the indirect object because the array size created based on the /Size entry whose value is smaller than the actual maximum indirect object number is not enough to accommodate the data. |
xina1i |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash when processing certain arguments. This occurs due to the access of illegal memory as the application fails to restrict the access to an array outside its bounds when calling the util.scand function. |
Xinyu Wan, Yiwei Zhang and Wei You from Renmin University of China |
|
Addressed potential issues where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when handling certain Javascripts or annotation objects. This occurs due to the use or access of memory, pointer, or object that has been freed without proper validation ( CVE-2021-21831, CVE-2021-21870, CVE-2021-34831, CVE-2021-34832, CVE-2021-34847, CVE-2021-34850, CVE-2021-34849, CVE-2021-34848). |
Aleksandar Nikolic of Cisco Talos |
|
Addressed a potential issue where the application could be exposed to Arbitrary File Write vulnerability when executing the submitForm function. Attackers could exploit this vulnerability to create arbitrary files in the local system and inject the uncontrolled contents. |
Hou JingYi (@hjy79425575) |
|
Addressed potential issues where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when handling the annotation objects in certain PDF files if the same Annotation dictionary is referenced in the page structures for different pages. This occurs as multiple annotation objects are associated to the same Annotation dictionary (CVE-2021-34852, CVE-2021-34834, CVE-2021-34835, CVE-2021-34851, CVE-2021-34836, CVE-2021-34837, CVE-2021-34838, CVE-2021-34839, CVE-2021-34840, CVE-2021-34841, CVE-2021-34833, CVE-2021-34842, CVE-2021-34843, CVE-2021-34844, CVE-2021-34845, CVE-2021-34853). |
Xu Peng from UCAS and Wang Yanhao from QiAnXin
Technology Research Institute working with
Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Use-after-Free vulnerability and crash when handling certain events of form elements. This occurs due to the use of Field object that has been cleaned up after executing events using the event.target property (CVE-2021-21893). |
Aleksandar Nikolic of Cisco Talos |
|
Addressed a potential issue where the application could be exposed to Stack Overflow vulnerability and crash when parsing XML data with too many embedded nodes. This occurs as the recursion level exceeds the maximum recursion depth when parsing XML nodes using recursion. |
Milan Kyselica |
|
Addressed a potential issue where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when traversing bookmark nodes in certain PDF files. This occurs due to stack overflow caused by the infinite loop as the application fails to handle the loop condition correctly (CVE-2021-34846). |
ZhangJiaxing(@r0fm1a) from Codesafe Team of Legendsec at Qi'anxin Group working with Trend Micro Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: July 27, 2021
Platform: macOS
Summary
Foxit has released Foxit PDF Editor Mac 11.0.1 and Foxit PDF Reader Mac 11.0.1, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PDF Editor Mac (previously named Foxit PhantomPDF Mac) |
11.0.0.0510 and earlier |
macOS |
|
Foxit PDF Reader Mac (previously named Foxit Reader Mac) |
11.0.0.0510 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to Null Pointer Reference Denial of Service vulnerability and crash. This is caused by memory corruption due to the lack of proper validation when handling certain PDF files whose dictionary entries are missing (CNVD-C-2021-95204). |
China National Vulnerability Database |
|
Addressed potential issues where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when handling certain Javascripts. This occurs due to the use or access of memory or object that has been freed without proper validation (CVE-2021-21831, CVE-2021-34832). |
Aleksandar Nikolic of Cisco Talos |
|
Addressed a potential issue where the application could be exposed to Use-after-Free vulnerability and crash when handling certain events of form elements. This occurs due to the use of Field object that has been cleaned up after executing events using the event.target property (CVE-2021-21893). |
Aleksandar Nikolic of Cisco Talos |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read/Write vulnerability and crash when parsing certain PDF files. This occurs due to the access violation in the array subscript when storing the offset value for the indirect object because the array size created based on the /Size entry whose value is smaller than the actual maximum indirect object number is not enough to accommodate the data. |
Milan Kyselica |
|
Addressed a potential issue where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when traversing bookmark nodes in certain PDF files. This occurs due to stack overflow caused by the infinite loop as the application fails to handle the loop condition correctly (CVE-2021-34846). |
ZhangJiaxing(@r0fm1a) from Codesafe Team of Legendsec at Qi'anxin Group working with Trend Micro Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: May 6, 2021
Platform: Windows
Summary
Foxit has released Foxit Reader 10.1.4 and Foxit PhantomPDF 10.1.4, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
10.1.3.37598 and earlier |
Windows |
|
Foxit PhantomPDF |
10.1.3.37598 and all previous 10.x versions, 9.7.5.29616 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Memory Corruption vulnerability and crash when exporting certain PDF files to other formats. This occurs due to the access violation, which could be exploited by attackers to execute remote code. |
Ariele Caltabiano (kimiya) |
|
Addressed potential issues where the application could be exposed to Denial of Service vulnerability and crash when handling certain XFA forms or link objects. This is caused by stack overflow as there are too many levels or dead loops during the recursive call of functions (CNVD-C-2020-186243/CNVD-C-2020-186246/CNVD-C-2020-186244/CNVD-C-2020-186248/CNVD-C-2020-186237). |
China National Vulnerability Database |
|
Addressed potential issues where the application could be exposed to Denial of Service, Null Pointer Reference, Out-of-Bounds Read, Context Level Bypass, Type Confusion, or Buffer Overflow vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs during the implementation of certain functions in JavaScript due to the use of incorrect parameters or objects without proper validation (CNVD-C-2020-305224/CNVD-C-2020-305182/CNVD-C-2020-305095/EIP-2018-0045/CNVD-C-2020-305100/CVE-2021-31461/CVE-2021-31476). |
Xinyu Wan, Yiwei Zhang, and Wei You from
Renmin University of China |
|
Addressed a potential issue where the application could be exposed to Arbitrary File Deletion vulnerability due to improper access control. Local attackers could exploit this vulnerability to create a symbolic link and cause arbitrary files to be deleted once the application is uninstalled by an admin user. |
Dhiraj Mishra (@RandomDhiraj) |
|
Addressed a potential issue where the application could deliver incorrect signature information for certain PDF files that contained invisible digital signatures. This occurs as the application gets the certificate name in an incorrect order and displays the document owner as the signature author by mistake. |
Thore Hendrikson |
|
Addressed potential issues where the application could be exposed to DLL Hijacking vulnerability when it was launched, which could be exploited by attackers to execute remote code by placing a malicious DLL in the specified path directory. This occurs due to the improper behavior while loading libraries, including loading the libraries in the installation directory as precedence when loading system libraries, loading the libraries that are disguised as system libraries in the installation folder without proper validation, and failing to use the fully qualified paths when loading external libraries (CNVD-C-2021-68000/CNVD-C-2021-68502). |
mnhFly of Aurora Infinity WeiZhen Security
Team |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Write/Read Remote Code Execution or Information Disclosure vulnerability and crash when handling certain JavaScripts or XFA forms. This occurs due to the use of abnormal data that exceeds the maximum size allocated in parameters without proper validation (CVE-2021-31452/CVE-2021-31473). |
mnhFly of Aurora Infinity WeiZhen Security
Team |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write vulnerability when parsing certain PDF files that contain nonstandard /Size key value in the Trailer dictionary. This occurs due to the access of an array whose size is not enough to accommodate the data. |
xina1i |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write vulnerability and crash when converting certain PDF files to Microsoft Office files. This occurs as the PDF object data defined in the Cross-Reference Table is corrupted. |
Haboob Lab |
|
Addressed potential issues where the
application could be exposed to Use-after-Free
Remote Code Execution vulnerability and crash
when handling certain XFA forms or annotation
objects. This occurs due to the use or access
of the objects that have been released or
deleted
(CVE-2021-31441/CVE-2021-31450/CVE-2021-31453/CVE-2021-31451/CVE-2021-31455/CVE-2021-31456/CVE-2021-31457/CVE-2021-31458/CVE-2021-31459/CVE-2021-31460/CVE-2021-21822). |
Yongil Lee and Wonyoung Jung of Diffense |
|
Addressed potential issues where the application could be exposed to Arbitrary File Write Remote Code Execution vulnerability when executing certain JavaScripts. This occurs as the application fails to restrict the file type and validate the file path in extractPages and CombineFiles functions (EIP-2018-0046/EIP-2019-0006/EIP-2019-0007). |
Exodus Intelligence |
|
Addressed potential issues where the application could be exposed to SQL Injection Remote Code Execution vulnerability. Attackers could exploit this vulnerability to insert or delete databases by inserting codes at the end of the strings (EIP-2018-0057/EIP-2018-0080/EIP-2018-0081). |
Exodus Intelligence |
|
Addressed a potential issue where the application could be exposed to Uninitialized Variable Information Disclosure vulnerability and crash. This occurs due to the array access violation resulting from the discrepant information in the form control when users press the Tab key to get focus on a field and input new text in certain XFA forms. |
Yongil Lee and Wonyoung Jung of Diffense |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read or Heap-based Buffer Overflow vulnerability and crash, which could be exploited by attackers to execute remote code or disclose sensitive information. This occurs due to the logic error or improper handling of elements when working with certain PDF files that define excessively large value in the file attribute or contain negative leadDigits value in the file attribute (CVE-2021-31454). |
Yongil Lee and Wonyoung Jung of Diffense |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: May 6, 2021
Platform: Windows
Summary
Foxit has released 3D Plugin Beta 10.1.4.37623 for Foxit Reader and PhantomPDF, which addresses potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
3D Plugin Beta |
10.1.3.37598 and all previous 10.x versions, 9.7.4.29600 and earlier |
Windows |
Solution
Update your Foxit Reader or PhantomPDF to version 10.1 or higher, and then install the latest version of the 3D Plugin Beta by following one of the methods below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write, Use-After-Free, or Double Free vulnerability and crash if users were using 3D Plugin Beta, which could be exploited by attackers to execute remote code or disclose sensitive information. This occurs due to the lack of proper validation of illogical data range when handling certain U3D objects embedded in PDF files. (CVE-2021-31469/CVE-2021-31470/CVE-2021-31471/CVE-2021-31472/CVE-2021-31442/CVE-2021-31443/CVE-2021-31444/CVE-2021-31445/CVE-2021-31446/CVE-2021-31447/CVE-2021-31448/CVE-2021-31449/CVE-2021-31467/CVE-2021-31468/CVE-2021-31466/CVE-2021-31465/CVE-2021-31464/CVE-2021-31463/CVE-2021-31462). |
Mat Powell of Trend Micro Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: Apr 20, 2021
Platform: Web
Summary
Foxit has a new version of Foxit Studio Photo 3.6.6.934, which addresses potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Studio Photo |
3.6.6.933 and earlier |
Windows |
Solution
Update Foxit Studio Photo to the latest versions by following the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where remote attackers to execute arbitrary code on the application. This is caused by an uninitialized variable(CVE-2021-31435). |
Francis Provencher {PRL} working with Trend Micro Zero Day Initiative |
|
Addressed potential issues where remote attackers to execute arbitrary code on the application. There is a potential problem with overwriting buffers in the ARW, JPM, JP2 file's parser. (CVE-2021-31433/ CVE-2021-31434/ CVE-2021-31437). |
Wenguang Jiao working with Trend Micro Zero
Day Initiative |
|
Addressed potential issues where remote attackers to execute arbitrary code on the application. There is a potential problem with overwriting buffers in the parser of the SGI file. (CVE-2021-31436). |
Anonymous working with Trend Micro Zero Day Initiative |
|
Addressed potential issues where remote attackers to execute arbitrary code on the application. There is a potential problem with overwriting buffers in the parser of the PSP file. (CVE-2021-31438) |
Francis Provencher {PRL} working with Trend Micro Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: March 31, 2021
Platform: Web
Summary
Foxit has released Foxit PDF SDK for Web 7.6.0, which addresses potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PDF SDK for Web |
7.5.0 and earlier |
Web |
Solution
Vulnerability details
|
Brief |
Acknowledgement |
|
Fixed a cross-site scripting security where the JavaScript app.alert() message was taken as HTML code, injected into HTML DOM and execute. |
Luigi Gubello |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: March 22, 2021
Platform: Windows
Summary
Foxit has released Foxit Reader 10.1.3 and Foxit PhantomPDF 10.1.3, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
10.1.1.37576 and earlier |
Windows |
|
Foxit PhantomPDF |
10.1.1.37576 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs due to the improper release of resources when parsing certain JPEG2000 files (CVE-2021-27270). |
cece working with Trend Micro Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: March 22, 2021
Platform: Windows
Summary
Foxit has released 3D Plugin Beta 10.1.3.37598 for Foxit Reader and PhantomPDF, which addresses potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
3D Plugin Beta |
10.1.1.37576 and earlier |
Windows |
Solution
Update your Foxit Reader or PhantomPDF to version 10.1 or higher, and then install the latest version of the 3D Plugin Beta by following one of the methods below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read, Use-After-Free, or Memory Corruption vulnerability and crash if users were using 3D Plugin Beta, which could be exploited by attackers to execute remote code or disclose sensitive information. This occurs when working with certain PDF files that contain 3D objects due to a parse error as the data format recorded in the PDF file is not consistent with the actual one (CVE-2021-27261/CVE-2021-27262/CVE-2021-27263/CVE-2021-27264/CVE-2021-27265/CVE-2021-27266/CVE-2021-27267/CVE-2021-27268/CVE-2021-27271). |
Mat Powell of Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write vulnerability and crash if users were using 3D Plugin Beta, which could be exploited by attackers to execute remote code. This occurs when parsing certain PDF files that contain 3D objects as the number of KeyFrames defined in MOTIONRESOURCE (0xffffff56) block does not match the actual one written (CVE-2021-27269). |
Mat Powell of Trend Micro Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: February 2, 2021
Platform: macOS
Summary
Foxit has released Foxit PhantomPDF Mac 4.1.3 and Foxit Reader Mac 4.1.3, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PhantomPDF Mac |
4.1.1.1123 and earlier |
macOS |
|
Foxit Reader Mac |
4.1.1.1123 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to Evil Annotation Attack and deliver incorrect validation results when validating certain certified PDF files whose visible content was significantly altered. This occurs as the application fails to identify the objects in the incremental update when the Subtype entry of the Annotation dictionary is set as null. |
Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Jorg Schwenk |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: December 30, 2020
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 9.7.5 , which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PhantomPDF |
9.7.4.29600 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write Remote Code Execution vulnerability and crash while processing certain XFA templates. This occurs during the process of modifying control attributes and appending nodes as the application fails to validate and uses certain type of object that is explicitly converted from a wrong layout object created by the appended template node (CVE-2020-27860). |
Anonymous working with Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Evil Annotation Attack and deliver incorrect validation results when validating certain certified PDF files whose visible content was significantly altered. This occurs as the application fails to identify the objects in the incremental update when the Subtype entry of the Annotation dictionary is set as null. |
Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Jorg Schwenk |
|
Addressed a potential issue where the application could be exposed to Type Confusion Memory Corruption or Remote Code Execution vulnerability and crash due to the lack of proper validation when an incorrect argument was passed to the app.media.openPlayer function defined in PDF JavaScript API (CVE-2020-13547). |
Aleksandar Nikolic of Cisco Talos |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when executing certain JavaScript in a PDF file. This occurs due to the access or use of pointer or object that has been removed after calling certain JavaScript functions (CVE-2020-13548/CVE-2020-13557/CVE-2020-13560/CVE-2020-13570). |
Aleksandar Nikolic of Cisco Talos |
|
Addressed a potential issue where the application could be exposed to Denial of Service vulnerability and crash when opening certain PDF files that contained illegal value in the /Size entry of the Trail dictionary. This occurs due to the array overflow as the illegal value in the /Size entry causes an error in initializing the array size for storing the compression object streams, and an object number which is larger than the initialization value is used as the array index while parsing the cross-reference streams (CVE-2020-28203). |
Sanjeev Das (IBM Research) |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: December 9, 2020
Platform: Windows
Summary
Foxit has released Foxit Reader 10.1.1 and Foxit PhantomPDF 10.1.1, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
10.1.0.37527 and earlier |
Windows |
|
Foxit PhantomPDF |
10.1.0.37527 and all previous 10.x versions, 9.7.4.29600 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the methods below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write Remote Code Execution vulnerability and crash while processing certain XFA templates. This occurs during the process of modifying control attributes and appending nodes as the application fails to validate and uses certain type of object that is explicitly converted from a wrong layout object created by the appended template node (CVE-2020-27860). |
Anonymous working with Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Evil Annotation Attack and deliver incorrect validation results when validating certain certified PDF files whose visible content was significantly altered. This occurs as the application fails to identify the objects in the incremental update when the Subtype entry of the Annotation dictionary is set as null. |
Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Jorg Schwenk |
|
Addressed a potential issue where the application could be exposed to Type Confusion Memory Corruption or Remote Code Execution vulnerability and crash due to the lack of proper validation when an incorrect argument was passed to the app.media.openPlayer function defined in PDF JavaScript API (CVE-2020-13547). |
Aleksandar Nikolic of Cisco Talos |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when executing certain JavaScript in a PDF file. This occurs due to the access or use of pointer or object that has been removed after calling certain JavaScript functions (CVE-2020-13548/CVE-2020-13557/CVE-2020-13560/CVE-2020-13570). |
Aleksandar Nikolic of Cisco Talos |
|
Addressed a potential issue where the application could be exposed to Denial of Service vulnerability and crash when opening certain PDF files that contained illegal value in the /Size entry of the Trail dictionary. This occurs due to the array overflow as the illegal value in the /Size entry causes an error in initializing the array size for storing the compression object streams, and an object number which is larger than the initialization value is used as the array index while parsing the cross-reference streams (CVE-2020-28203). |
Sanjeev Das (IBM Research) |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: October 20, 2020
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 9.7.4, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PhantomPDF |
9.7.3.29555 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to Use-After-Free vulnerability and crash when executing JavaScript in certain AcroForm. This occurs due to the use of Opt object after it has been deleted by calling Field::ClearItems method while executing Field::DeleteOptions method. |
Hung Tien Tran @hungtt28 |
|
Addressed a potential issue where the application could be exposed to Write/Read Access Violation vulnerability and crash. This occurs due to the exception thrown by the V8 JavaScript engine, which is resulted from the failure to properly handle the situation where the Index returned during the allocation of thread local storage by TslAlloc function exceeds the limits acceptable by the V8 JavaScript engine. |
John Stigerwalt |
|
Addressed potential issues where the application could be exposed to Null Pointer Access/Dereference vulnerability and crash when opening certain specially crafted PDF. This occurs due to the access or reference of the null pointer without proper validation (CNVD-C-2020-169904/CNVD-C-2020-186241/CNVD-C-2020-186245). |
John Stigerwalt |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when parsing certain JPEG2000 images. This occurs because the application fails to release memory correctly based on the memory block information (CVE-2020-17410). |
Anonymous working with Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write vulnerability and crash. This occurs during the handling of Shading because the number of outputs calculated by function does not match the number of color components in the Shading directory’s color space. |
Nafiez, Fakhrie and Yeh of TomatoDuck Fuzzing Group |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write Remote Code Execution vulnerability when parsing certain JPEG2000 images due to the incorrect read and write of memory at invalid address (CVE-2020-17416). |
Anonymous working with Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Remote Code Execution vulnerability during installation. This occurs as the application does not use the absolute path to find taskkill.exe but firstly finds and executes the one in the current working directory. |
Dhiraj Mishra (@RandomDhiraj) |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Information Disclosure or Remote Code Execution vulnerability and crash. This occurs due to the use of /V item which is deleted after being interpreted as the action executed during validation when it exists in both Additional Action and Field dictionaries but shares different interpretations (CNVD-C-2020-169907). |
China National Vulnerability Database |
|
Addressed a potential issue where the application could be exposed to Universal Signature Forgery vulnerability and deliver incorrect validation results when validating digital signatures in certain PDF files. This occurs as the application fails to perform cryptographic validation of signatures correctly, which could be exploited by attackers to forge arbitrary signatures on arbitrary files and deceive the validator. |
Matthias Valvekens |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: October 20, 2020
Platform: Windows
Summary
Foxit has released 3D Plugin Beta 9.7.4.29600 for Foxit PhantomPDF, which addresses potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
3D Plugin Beta |
9.7.3.29555 and earlier |
Windows |
Solution
Update the 3D Plugin Beta to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write or Stack-based Buffer Overflow vulnerability if users were using 3D Plugin Beta, which could be exploited by attackers to execute remote code or disclose sensitive information. This occurs due to the lack of proper validation of data when parsing certain U3D object that contains incorrect data stream (CNVD-C-2020-73515/CNVD-C-2020-73509/CVE-2020-17411/CVE-2020-17412/CVE-2020-17413). |
China National Vulnerability Database |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: October 9, 2020
Platform: macOS
Summary
Foxit has released Foxit PhantomPDF Mac and Foxit Reader Mac 4.1, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PhantomPDF Mac |
4.0.0.0430 and earlier |
macOS |
|
Foxit Reader Mac |
4.0.0.0430 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to Code Injection or Information Disclosure vulnerability because it did not enable Hardened Runtime capability during code signing. |
Hou JingYi (@hjy79425575) |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: September 28, 2020
Platform: Windows
Summary
Foxit has released Foxit Reader 10.1 and Foxit PhantomPDF 10.1, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
10.0.1.35811 and earlier |
Windows |
|
Foxit PhantomPDF |
10.0.1.35811, 10.0.0.35798, 9.7.3.29555 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to Use-After-Free vulnerability and crash when executing JavaScript in certain AcroForm. This occurs due to the use of Opt object after it has been deleted by calling Field::ClearItems method while executing Field::DeleteOptions method. |
Hung Tien Tran @hungtt28 |
|
Addressed a potential issue where the application could be exposed to Write/Read Access Violation vulnerability and crash. This occurs due to the exception thrown by the V8 JavaScript engine, which is resulted from the failure to properly handle the situation where the Index returned during the allocation of thread local storage by TslAlloc function exceeds the limits acceptable by the V8 JavaScript engine. |
John Stigerwalt |
|
Addressed potential issues where the application could be exposed to Null Pointer Access/Dereference vulnerability and crash when opening certain specially crafted PDF. This occurs due to the access or reference of the null pointer without proper validation (CNVD-C-2020-169904/CNVD-C-2020-186241/CNVD-C-2020-186245). |
John Stigerwalt |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when parsing certain JPEG2000 images. This occurs because the application fails to release memory correctly based on the memory block information (CVE-2020-17410). |
Anonymous working with Trend Micro Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Incorrect Permission Assignment Privilege Escalation vulnerability, which could be exploited by attackers to execute an arbitrary program. This occurs due to the incorrect permission set on a resource used by Foxit update service (CVE-2020-17414/CVE-2020-17415). |
@Kharosx0 working with Trend Micro Zero Day
Initiative |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write vulnerability and crash. This occurs during the handling of Shading because the number of outputs calculated by function does not match the number of color components in the Shading directory’s color space. |
Nafiez, Fakhrie and Yeh of TomatoDuck Fuzzing Group |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write Remote Code Execution vulnerability when parsing certain JPEG2000 images due to the incorrect read and write of memory at invalid address (CVE-2020-17416). |
Anonymous working with Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Remote Code Execution vulnerability during installation. This occurs as the application does not use the absolute path to find taskkill.exe but firstly finds and executes the one in the current working directory. |
Dhiraj Mishra (@RandomDhiraj) |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Information Disclosure or Remote Code Execution vulnerability and crash. This occurs due to the use of /V item which is deleted after being interpreted as the action executed during validation when it exists in both Additional Action and Field dictionaries but shares different interpretations (CNVD-C-2020-169907). |
China National Vulnerability Database |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Remote Code Execution vulnerability and crash due to the lack of proper validation of the input data when triggering Doc.getNthFieldName method (CVE-2020-17417). |
Anonymous working with Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Universal Signature Forgery vulnerability and deliver incorrect validation results when validating digital signatures in certain PDF files. This occurs as the application fails to perform cryptographic validation of signatures correctly, which could be exploited by attackers to forge arbitrary signatures on arbitrary files and deceive the validator. |
Matthias Valvekens |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: September 28, 2020
Platform: Windows
Summary
Foxit has released 3D Plugin Beta 10.1.0.37494 for Foxit Reader and PhantomPDF, which addresses potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
3D Plugin Beta |
10.0.1.35811, 10.0.0.35737, 9.7.3.29555 and earlier |
Windows |
Solution
Update your Foxit Reader or PhantomPDF to version 10.1, and then install the latest version of the 3D Plugin Beta by following one of the methods below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write or Stack-based Buffer Overflow vulnerability if users were using 3D Plugin Beta, which could be exploited by attackers to execute remote code or disclose sensitive information. This occurs due to the lack of proper validation of data when parsing certain U3D object that contains incorrect data stream (CNVD-C-2020-73515/CNVD-C-2020-73509/CVE-2020-17411/CVE-2020-17412/CVE-2020-17413). |
China National Vulnerability Database |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: August 31, 2020
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 9.7.3, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PhantomPDF |
9.7.2.29539 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to Uninitialized Object Information Disclosure vulnerability and crash. This occurs as the application directly transforms the PDF Object as PDF Stream for further actions without proper validation when verifying the information in a crafted XObject (CVE-2020-11493). |
Steven Seeley of Qihoo 360 Vulcan Team |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash. This occurs due to the application mistakenly uses the index of the original text string to recognize links after the original text string is divided into two pieces during text string layout (CVE-2020-12247). |
Steven Seeley of Qihoo 360 Vulcan Team |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Information Disclosure vulnerability and crash due to the access of illegal memory when loading certain webpage (CVE-2020-15637). |
Mat Powell of Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Heap Buffer Overflow Remote Code Execution vulnerability and crash. This occurs due to the application fails to execute a fault-tolerance mechanism when processing the dirty data in the image resources (CVE-2020-12248). |
Steven Seeley of Qihoo 360 Vulcan Team |
|
Addressed a potential issue where the application could be exposed to Type Confusion Remote Code Execution vulnerability and crash due to the access of array whose length is larger than its initial length (CVE-2020-15638). |
Rene Freingruber (@ReneFreingruber) and Patrick Wollgast working with Trend Micro Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: July 31, 2020
Platform: Windows
Summary
Foxit has released Foxit Reader 10.0.1 and Foxit PhantomPDF 10.0.1, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
10.0.0.35798 and earlier |
Windows |
|
Foxit PhantomPDF |
10.0.0.35798, 9.7.2.29539 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to Uninitialized Object Information Disclosure vulnerability and crash. This occurs as the application directly transforms the PDF Object as PDF Stream for further actions without proper validation when verifying the information in a crafted XObject (CVE-2020-11493). |
Steven Seeley of Qihoo 360 Vulcan Team |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash. This occurs due to the application mistakenly uses the index of the original text string to recognize links after the original text string is divided into two pieces during text string layout (CVE-2020-12247). |
Steven Seeley of Qihoo 360 Vulcan Team |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Information Disclosure vulnerability and crash due to the access of illegal memory when loading certain webpage (CVE-2020-15637). |
Mat Powell of Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Heap Buffer Overflow Remote Code Execution vulnerability and crash. This occurs due to the application fails to execute a fault-tolerance mechanism when processing the dirty data in the image resources (CVE-2020-12248). |
Steven Seeley of Qihoo 360 Vulcan Team |
|
Addressed a potential issue where the application could be exposed to Type Confusion Remote Code Execution vulnerability and crash due to the access of array whose length is larger than its initial length (CVE-2020-15638). |
Rene Freingruber (@ReneFreingruber) and Patrick Wollgast working with Trend Micro Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: May 6, 2020
Platform: macOS
Summary
Foxit has released Foxit PhantomPDF Mac and Foxit Reader Mac 4.0, which addresses potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PhantomPDF Mac |
3.4.0.1012 and earlier |
macOS |
|
Foxit Reader Mac |
3.4.0.1012 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to Signature Validation Bypass vulnerability and deliver incorrect validation result when validating certain PDF file that is modified maliciously or contains non-standard signatures (CVE-2020-9592/CVE-2020-9596). |
Christian Mainka, Vladislav Mladenov, Simon Rohlmann, Jorg Schwenk |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: April 16, 2020
Platform: Windows
Summary
Foxit has released Foxit Reader 9.7.2 and Foxit PhantomPDF 9.7.2, which addresses potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
9.7.1.29511 and earlier |
Windows |
|
Foxit PhantomPDF |
9.7.1.29511 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Type Confusion or Arbitrary File Write Remote Code Execution vulnerability and crash. This occurs during the handling of app.opencPDFWebPage JavaScript due to the lack of proper validation of parameters in socket message (ZDI-CAN-9828/ZDI-CAN-9829/ZDI-CAN-9830/ZDI-CAN-9831/ZDI-CAN-9865/ZDI-CAN-9942/ZDI-CAN-9943/ZDI-CAN-9944/ZDI-CAN-9945/ZDI-CAN-9946) |
Anonymous working with Trend Micro Zero Day
Initiative |
|
Addressed a potential issue where the application could be exposed to Information Disclosure vulnerability if users were using the DocuSign plugin. This occurs because the username and password are hardcoded in the DocuSign plugin during an HTTP request. |
David Cook |
|
Addressed a potential issue where the application could be exposed to Brute-force Attack vulnerability as the CAS service did not limit the times of user login failures. |
Hassan Personal |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when processing certain XFA template or AcroForm due to the use of objects which had been freed (ZDI-CAN-10132/ZDI-CAN-10142/ZDI-CAN-10614/ZDI-CAN-10650). |
hungtt28 of Viettel Cyber Security working
with Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when working with certain malicious PDF file. This occurs as the application continues to execute JavaScript to open a document without proper validation after the page is deleted or the document is closed. |
J. Müller, D. Noss, C. Mainka, V. Mladenov, J. Schwenk |
|
Addressed potential issues where the application could be exposed to Circular Reference vulnerability and got stuck in a dead loop when working with certain PDF file. This occurs due to the lack of a circular reference verification mechanism when processing actions that contain circular reference. |
J. Müller, D. Noss, C. Mainka, V. Mladenov, J. Schwenk |
|
Addressed a potential issue where the application could be exposed to Infinite Loop or Out-of-Memory vulnerability and crash when parsing certain PDF file that contains irregular data in cross-reference stream or lengthy character strings in the content stream. |
J. Müller, D. Noss, C. Mainka, V. Mladenov, J. Schwenk |
|
Addressed a potential issue where the application could be exposed to Signature Validation Bypass vulnerability and deliver incorrect validation result when validating certain PDF file that is modified maliciously or contains non-standard signatures (CVE-2020-9592/CVE-2020-9596). |
Christian Mainka, Vladislav Mladenov, Simon Rohlmann, Jorg Schwenk |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: April 16, 2020
Platform: Windows
Summary
Foxit has released 3D Plugin Beta 9.7.2.29539 for Foxit Reader and PhantomPDF, which addresses potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
3D Plugin Beta |
9.7.1.29511 and earlier |
Windows |
Solution
Update the 3D Plugin Beta to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write or Heap-based Buffer Overflow vulnerability if users were using 3D Plugin Beta, which could be exploited by attackers to disclose information or execute remote codes. This occurs due to the lack of proper validation of data when parsing certain file with incorrect 3D annotation data (ZDI-CAN-10189/ZDI-CAN-10190/ZDI-CAN-10191/ZDI-CAN-10192/ZDI-CAN-10193/ZDI-CAN-10195/ZDI-CAN-10461/ZDI-CAN-10462/ZDI-CAN-10463/ZDI-CAN-10464/ZDI-CAN-10568). |
Mat Powell of Trend Micro Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: January 16, 2020
Platform: Windows
Summary
Foxit has released Foxit Reader 9.7.1 and Foxit PhantomPDF 9.7.1, which addresses potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
9.7.0.29478 and earlier |
Windows |
|
Foxit PhantomPDF |
9.7.0.29455 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Integer Overflow or Out-of-Bounds Write/Read Remote Code Execution or Information Disclosure vulnerability and crash when parsing certain JPEG/JPG2000 images or JP2 streams inside PDF files. This is caused by memory allocation mistake or overflow which results in memory access violation (ZDI-CAN-9102/ZDI-CAN-9606/ZDI-CAN-9407/ZDI-CAN-9413/ZDI-CAN-9414/ZDI-CAN-9415/ZDI-CAN-9406/ZDI-CAN-9416). |
Natnael Samson (@NattiSamson) working with
Trend Micro Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability when handling watermarks, AcroForm objects, text field or JavaScript field objects in PDF files due to the use of objects after it had been freed without proper validation (ZDI-CAN-9358/ZDI-CAN-9640/ZDI-CAN-9400/CVE-2019-5126/CVE-2019-5131/CVE-2019-5130/CVE-2019-5145/ZDI-CAN-9862). |
mrpowell of Trend Micro Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Write or Use-After-Free Remote Code Execution vulnerability and crash when converting HTML files to PDFs due to memory access violation during the loading and rendering of webpages (ZDI-CAN-9591/ZDI-CAN-9560). |
rgod of 9sg working with Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Use-After-Free vulnerability due to the use of uninitialized pointer without proper validation when processing certain documents whose dictionary was missing. |
rwxcode of nsfocus security team |
|
Addressed a potential issue where the application could be exposed to Stack Overflow vulnerability and crash due to looped indirect object reference. |
Michael Heinzl |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: November 5, 2019
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 8.3.12, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PhantomPDF |
8.3.11.45106 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Remote Code Execution vulnerability and crash due to the unexpected error or out-of-memory in V8 Engine when executing certain JavaScript (CVE-2019-5031/CVE-2019-13123/CVE-2019-13124/ZDI-CAN-8692). |
Aleksandar Nikolic of Cisco Talos |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability when deleting Field with the nested scripts (ZDI-CAN-8864/ZDI-CAN-8888/ZDI-CAN-8913/ZDI-CAN-9044/ZDI-CAN-9081). |
Anonymous working with Trend Micro Zero Day
Initiative |
|
Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerability and crash when parsing TIFF files as the application failed to set decoding information for images properly (ZDI-CAN-8695/ZDI-CAN-8742). |
Zak Rogness working with Trend Micro Zero Day
Initiative |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Remote Code Execution vulnerability when converting JPG file to PDF due to array access violation (ZDI-CAN-8838). |
Natnael Samson (@NattiSamson) working with Trend Micro Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Denial of Service vulnerability and crash due to the dereference of null pointer. |
ADLab of Venustech |
|
Addressed potential issues where the application could crash when parsing certain files. This occurs because the application creates data for each page in application level, which causes the memory of application reach to the maximum. |
ADLab of Venustech |
|
Addressed a potential issue where the application could be exposed to Stack Exhaustion vulnerability and crash due to the nested calling of functions when parsing XML files. |
ADLab of Venustech |
|
Addressed potential issues where the application could crash when parsing certain file data due to the access of null pointer without proper validation. |
ADLab of Venustech |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash due to the access of objects which has been deleted or released (ZDI-CAN-9091/ZDI-CAN-9149). |
RockStar working with Trend Micro Zero Day
Initiative |
|
Addressed a potential issue where the application could be exposed to Access Violation vulnerability and crash when it was launched on the condition that there was no enough memory in the current system (CVE-2019-17183). |
K.K.Senthil Velan of Zacco Cybersecurity Research Labs |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: October 16, 2019 (Foxit PhantomPDF 9.7) / September 29, 2019 (Foxit Reader 9.7)
Platform: Window s
Summary
Foxit has released Foxit Reader 9.7 and Foxit PhantomPDF 9.7, which addresses potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
9.6.0.25114 and earlier |
Windows |
|
Foxit PhantomPDF |
9.6.0.25114 and all previous 9.x versions, 8.3.11.45106 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Remote Code Execution vulnerability and crash due to the unexpected error or out-of-memory in V8 Engine when executing certain JavaScript (CVE-2019-5031/CVE-2019-13123/CVE-2019-13124/ZDI-CAN-8692). |
Aleksandar Nikolic of Cisco Talos |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability when deleting Field with the nested scripts (ZDI-CAN-8864/ZDI-CAN-8888/ZDI-CAN-8913/ZDI-CAN-9044/ZDI-CAN-9081). |
Anonymous working with Trend Micro Zero Day
Initiative |
|
Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerability and crash when parsing TIFF files as the application failed to set decoding information for images properly (ZDI-CAN-8695/ZDI-CAN-8742). |
Zak Rogness working with Trend Micro Zero Day
Initiative |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Remote Code Execution vulnerability when converting JPG file to PDF due to array access violation (ZDI-CAN-8838). |
Natnael Samson (@NattiSamson) working with Trend Micro Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Denial of Service vulnerability and crash due to the dereference of null pointer. |
ADLab of Venustech |
|
Addressed potential issues where the application could crash when parsing certain files. This occurs because the application creates data for each page in application level, which causes the memory of application reach to the maximum. |
ADLab of Venustech |
|
Addressed a potential issue where the application could be exposed to Stack Exhaustion vulnerability and crash due to the nested calling of functions when parsing XML files. |
ADLab of Venustech |
|
Addressed potential issues where the application could crash when parsing certain file data due to the access of null pointer without proper validation. |
ADLab of Venustech |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash due to the access of objects which has been deleted or released (ZDI-CAN-9091/ZDI-CAN-9149). |
RockStar working with Trend Micro Zero Day
Initiative |
|
Addressed a potential issue where the application could be exposed to Access Violation vulnerability and crash when it was launched on the condition that there was no enough memory in the current system (CVE-2019-17183). |
K.K.Senthil Velan of Zacco Cybersecurity Research Labs |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: October 15, 2019
Platform: macOS
Summary
Foxit has released Foxit PhantomPDF Mac 3.4, which addresses potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PhantomPDF Mac |
3.3.0.0709 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to Denial of Service vulnerability and crash due to the dereference of null pointer. |
Wenchao Li of [email protected] |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: September 29, 2019
Platform: Windows
Summary
Foxit has released 3D Plugin Beta 9.7.0.29430 for Foxit Reader and PhantomPDF, which addresses potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
3D Plugin Beta |
9.6.0.25108 and earlier |
Windows |
Solution
Update the 3D Plugin Beta to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write and Null Pointer Dereference vulnerability if users were using 3D Plugin Beta. This occurs due to the lack of proper validation of incorrect image data when parsing certain files with incorrect image information. |
ADLab of Venustech |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: August 15, 2019
Platform: Windows
Summary
Foxit has released the upgrade package for Foxit Reader (EXE package) 9.6, which addresses a potential security and stability issue.
Affected versions
|
Product |
Affected versions |
Platform |
|
Upgrade package for Foxit Reader (EXE package) |
9.6.0.25114 |
Windows |
Solution
Users who update Foxit Reader to the latest version after August 15, 2019 will not be affected. If you have enabled the Safe Reading Mode in the older version and updated Foxit Reader to Version 9.6.0.25114 before August 15, 2019, please go to File > Preferences > Trust Manager to check and enable the Safe Reading Mode.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the Safe Reading Mode could be disabled when users updating Foxit Reader from within the application, which could be exploited by attackers to execute unauthorized action or data transmission. This occurs because the registry configuration is deleted and not applied during update. |
Haifei Li of McAfee |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: July 19, 2019
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 8.3.11, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PhantomPDF |
8.3.10.42705 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could crash when calling xfa.event.rest XFA JavaScript due to the access of wild pointer. |
Hui Gao of Palo Alto Networks |
|
Addressed potential issues where the application could crash when calling certain XFA JavaScript due to the use or access of null pointer without proper validation on the object. |
Hui Gao of Palo Alto Networks |
|
Addressed a potential issue where the application could crash due to array access violation during XFA layout. This occurs because the original node object contains one more contentArea object than that in XFA layout, which exceed the array size during traversal. |
Hui Gao of Palo Alto Networks |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability when processing AcroForms. This occurs because additional event is triggered to delete ListBox and ComboBox Field when trying to delete the items in ListBox and ComboBox Field by calling deleteItemAt method (ZDI-CAN-8295). |
Anonymous working with Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Stack Buffer Overrun vulnerability and crash. This occurs because the maximum length in For loop is not updated correspondingly when all the Field APs are updated after executing Field related JavaScript. |
xen1thLabs |
|
Addressed a potential issue where the application could crash due to the repeated release of signature dictionary during CSG_SignatureF and CPDF_Document destruction. |
Qi Deng, Taojie Wang, Zhaoyan Xu, Vijay Prakash, Hui Gao of Palo Alto Networks |
|
Addressed a potential issue where the application could crash due to the lack of proper validation of the existence of an object prior to performing operations on the object when executing JavaScript. |
Hui Gao of Palo Alto Networks |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability. This occurs because Field object is deleted during parameter calculation when setting certain attributes in Field object using JavaScript (ZDI-CAN-8491/ZDI-CAN-8801/ZDI-CAN-8656/ZDI-CAN-8757/ZDI-CAN-8759/ZDI-CAN-8814). |
banananapenguin working with Trend Micro Zero
Day Initiative |
|
Addressed a potential issue where the application could crash when calling clone function due to the endless loop resulted from the confused relationships between the child and parent object caused by append error. |
Qi Deng, Taojie Wang, Zhaoyan Xu, Vijay Prakash, Hui Gao of Palo Alto Networks |
|
Addressed a potential issue where the application could be exposed to Null Pointer Dereference vulnerability and crash when parsing certain Epub file. This occurs because a null string is written to FXSYS_wcslen which does not support null strings. |
ADLab of Venustech |
|
Addressed potential issues where the application could be exposed the Use-After-Free Remote Code Execution vulnerability and crash due to the use of Field objects or control after they have been deleted or released (ZDI-CAN-8669). |
Xinru Chi of Pangu Lab |
|
Addressed a potential issue where the application could be exposed to Information Disclosure vulnerability when calling util.printf JavaScript as the actual memory address of any variable available to the JavaScript can be extracted (ZDI-CAN-8544). |
banananapenguin working with Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed Out-of-Bounds Write vulnerability when users use the application in Internet Explorer because the input argument exceed the array length. |
@j00sean |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: July 15, 2019
Platform: macOS
Summary
Foxit has released Foxit PhantomPDF Mac 3.3 and Foxit Reader Mac 3.3, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PhantomPDF Mac |
3.2.0.0404 and earlier |
macOS |
|
Foxit Reader Mac |
3.2.0.0404 and earlier |
macOS |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash due to the use of null pointer without proper validation. |
Xinru Chi of Pangu Lab |
|
Addressed a potential issue where the application could be exposed to Stack Overflow vulnerability due to the mutual reference between ICCBased color space and Alternate color space. |
Xinru Chi of Pangu Lab |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: July 4, 2019
Platform: Windows
Summary
Foxit has released Foxit Reader 9.6 and Foxit PhantomPDF 9.6, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
9.5.0.20723 and earlier |
Windows |
|
Foxit PhantomPDF |
9.5.0.20723 and all previous 9.x versions, 8.3.10.42705 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could crash when calling xfa.event.rest XFA JavaScript due to the access of wild pointer. |
Hui Gao of Palo Alto Networks |
|
Addressed potential issues where the application could crash when calling certain XFA JavaScript due to the use or access of null pointer without proper validation on the object. |
Hui Gao of Palo Alto Networks |
|
Addressed a potential issue where the application could crash due to array access violation during XFA layout. This occurs because the original node object contains one more contentArea object than that in XFA layout, which exceed the array size during traversal. |
Hui Gao of Palo Alto Networks |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability when processing AcroForms. This occurs because additional event is triggered to delete ListBox and ComboBox Field when trying to delete the items in ListBox and ComboBox Field by calling deleteItemAt method (ZDI-CAN-8295). |
Anonymous working with Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Stack Buffer Overrun vulnerability and crash. This occurs because the maximum length in For loop is not updated correspondingly when all the Field APs are updated after executing Field related JavaScript. |
xen1thLabs |
|
Addressed a potential issue where the application could crash due to the repeated release of signature dictionary during CSG_SignatureF and CPDF_Document destruction. |
Qi Deng, Taojie Wang, Zhaoyan Xu, Vijay Prakash, Hui Gao of Palo Alto Networks |
|
Addressed a potential issue where the application could crash due to the lack of proper validation of the existence of an object prior to performing operations on the object when executing JavaScript. |
Hui Gao of Palo Alto Networks |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability. This occurs because Field object is deleted during parameter calculation when setting certain attributes in Field object using JavaScript (ZDI-CAN-8491/ZDI-CAN-8801/ZDI-CAN-8656/ZDI-CAN-8757/ZDI-CAN-8759/ZDI-CAN-8814). |
banananapenguin working with Trend Micro Zero
Day Initiative |
|
Addressed a potential issue where the application could crash when calling clone function due to the endless loop resulted from the confused relationships between the child and parent object caused by append error. |
Qi Deng, Taojie Wang, Zhaoyan Xu, Vijay Prakash, Hui Gao of Palo Alto Networks |
|
Addressed a potential issue where the application could be exposed to Null Pointer Dereference vulnerability and crash when parsing certain Epub file. This occurs because a null string is written to FXSYS_wcslen which does not support null strings. |
ADLab of Venustech |
|
Addressed potential issues where the application could be exposed the Use-After-Free Remote Code Execution vulnerability and crash due to the use of Field objects or control after they have been deleted or released (ZDI-CAN-8669). |
Xinru Chi of Pangu Lab |
|
Addressed a potential issue where the application could be exposed to Information Disclosure vulnerability when calling util.printf JavaScript as the actual memory address of any variable available to the JavaScript can be extracted (ZDI-CAN-8544). |
banananapenguin working with Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed Out-of-Bounds Write vulnerability when users use the application in Internet Explorer because the input argument exceed the array length. |
@j00sean |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: May 28, 2019
Platform: Windows
Summary
Foxit has released 3D Plugin Beta 9.5.0.20733 for Foxit Reader and PhantomPDF, which addresses potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
3D Plugin Beta |
9.5.0.20723 and earlier |
Windows |
Solution
Update the 3D Plugin Beta to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could crash if users were using 3D Plugin Beta. This occurs due to the lack of proper validation of void data when parsing and rendering certain files with lost or corrupted data (CNVD-C-2019-41438). |
Wei Lei from STAR Labs |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: April 18, 2019
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 8.3.10, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PhantomPDF |
8.3.9.41099 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Race Condition vulnerability when calling the proxyCPDFAction, proxyCheckLicence, proxyDoAction, proxyGetAppEdition, or proxyPreviewAction function with a large integer or long string, which could trigger a stack buffer overflow or out-of-bounds read. Attackers could leverage the vulnerability to execute arbitrary code or disclose information (CVE-2018-20309/CVE-2018-20310/ CVE-2018-20311/CVE-2018-20312/CVE-2018-20313/ CVE-2018-20314/ CVE-2018-20315/ CVE-2018-20316). |
Steven Seeley (mr_me) of Source Incite |
|
Addressed a potential issue where the application could be exposed to Directory Traversal vulnerability, which could lead to remote code execution. This occurs because the application mistakenly allows users to invoke certain JavaScript that is used for cPDF plugin only from the console to write local files (ZDI-CAN-7407). |
Steven Seeley (mr_me) of Source Incite working with Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Integer Overflow vulnerability and crash due to the lack of proper validation of user-supplied data when handling XFA Stuff method. Attackers could exploit this vulnerability to disclose information (ZDI-CAN-7561). |
Anonymous working with Trend Micro Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read or Use-After-Free vulnerability and crash when converting HTML files to PDFs, which could be leveraged by attackers to disclose information or execute remote code. This occurs due to the failure in loop termination, release of the memory which has been released before, or abnormal logic processing (ZDI-CAN-7620/ZDI-CAN-7844/ZDI-CAN-8170). |
T3rmin4t0r working with Trend Micro Zero Day
Initiative |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Write Remote Code Execution vulnerability and crash due to the data written in “bmp_ptr->out_row_buffer” or “_JP2_Wavelet_Synthesis_Horizontal_Long” exceeds the maximum allocated when converting PDFs. (ZDI-CAN-7613/ZDI-CAN-7614/ZDI-CAN-7701). |
Hao Li from ADLab of VenusTech working with Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Heap Corruption vulnerability due to the data desynchrony when adding AcroForm. |
Hui Gao and Zhaoyan Xu of Palo Alto Networks |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Information Disclosure vulnerability and crash due to the multiple release of net::IOBufferWithSize pointer. (ZDI-CAN-7769). |
Mat Powell of Trend Micro Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Use-After-Free or Out-of-Bounds Write Remote Code Execution vulnerability and crash. This occurs due to the release of wild pointer because the Resolution memory is not allocated accordingly when the ucLevel value is changed (ZDI-CAN-7696/ZDI-CAN-7694). |
Hao Li from ADLab of VenusTech working with Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Memory Corruption vulnerability due to the use of invalid pointer copy resulting from destructed string object. |
Hui Gao and Zhaoyan Xu of Palo Alto Networks |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability because it did not set the document pointer as null after deleting it by invoking XFA API (ZDI-CAN-7777). |
juggernaut working with Trend Micro Zero Day
Initiative |
|
Addressed a potential issue where the application could be exposed to IDN Homograph Attach vulnerability when a user clicked a fake link to open illegal address. |
Dr. Alfonso Muñoz (@mindcrypt) - Global Technical Cybersecurity Lead & Head of cybersecurity lab |
|
Addressed a potential issue where the application could be exposed to Cloud Drive Connection vulnerability which could allow users to freely gain access to documents on Google Drive from within the application even though it has been logged out. |
JS |
|
Addressed a potential issue where the application could be exposed to ISA Exploit Signature Validation Bypass vulnerability and deliver incorrect validation result when validating certain PDF file that is modified maliciously or contains non-standard signatures. |
Vladislav Mladenov, Christian Mainka, Martin Grothe and Jörg Schwenk of the Ruhr-Universität Bochum and Karsten Meyer zu Selhausen of Hackmanit GmbH |
|
Addressed a potential issue where the application could be exposed to JavaScript Denial of Service vulnerability when deleting pages in a document that contains only one page by calling t.hidden = true function. |
Paolo Arnolfo (@sw33tLie) |
|
Addressed potential issues where the application could be exposed to Null Pointer Reference vulnerability and crash when getting PDF object from document or parsing certain portfolio that contain null dictionary. |
Xie Haikuo from Baidu Security Lab |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability when embedding PDFs with invalid URL by calling put_src interface from Foxit Browser plugin in Microsoft Word. This occurs due to the use of illegal IBindStatusCallback object which has been freed (ZDI-CAN-7874). |
@j00sean working with Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write Remote Code Execution vulnerability and crash. This occurs due to the use of discrepant widget object which is transformed from invalid node appended (ZDI-CAN-7972). |
hungtt28 of Viettel Cyber Security working with Trend Micro Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution or Information Disclosure vulnerability when deleting Field with the nested scripts (ZDI-CAN-8162/ZDI-CAN-8163/ZDI-CAN-8164/ZDI-CAN-8165/ZDI-CAN-8229/ZDI-CAN-8230/ZDI-CAN-8231/ZDI-CAN-8272). |
hemidallt working with Trend Micro Zero Day
Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: April 16, 2019
Platform: Windows
Summary
Foxit has released Foxit Reader 9.5 and Foxit PhantomPDF 9.5, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
9.4.1.16828 and earlier |
Windows |
|
Foxit PhantomPDF |
9.4.1.16828 and all previous 9.x versions, 8.3.9.41099 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Race Condition vulnerability when calling the proxyCPDFAction, proxyCheckLicence, proxyDoAction, proxyGetAppEdition, or proxyPreviewAction function with a large integer or long string, which could trigger a stack buffer overflow or out-of-bounds read. Attackers could leverage the vulnerability to execute arbitrary code or disclose information (CVE-2018-20309/CVE-2018-20310/ CVE-2018-20311/CVE-2018-20312/CVE-2018-20313/ CVE-2018-20314/ CVE-2018-20315/ CVE-2018-20316). |
Steven Seeley (mr_me) of Source Incite |
|
Addressed a potential issue where the application could be exposed to Directory Traversal vulnerability, which could lead to remote code execution. This occurs because the application mistakenly allows users to invoke certain JavaScript that is used for cPDF plugin only from the console to write local files (ZDI-CAN-7407). |
Steven Seeley (mr_me) of Source Incite working with Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Integer Overflow vulnerability and crash due to the lack of proper validation of user-supplied data when handling XFA Stuff method. Attackers could exploit this vulnerability to disclose information (ZDI-CAN-7561). |
Anonymous working with Trend Micro Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read or Use-After-Free vulnerability and crash when converting HTML files to PDFs, which could be leveraged by attackers to disclose information or execute remote code. This occurs due to the failure in loop termination, release of the memory which has been released before, or abnormal logic processing (ZDI-CAN-7620/ZDI-CAN-7844/ZDI-CAN-8170). |
T3rmin4t0r working with Trend Micro Zero Day
Initiative |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Write Remote Code Execution vulnerability and crash due to the data written in “bmp_ptr->out_row_buffer” or “_JP2_Wavelet_Synthesis_Horizontal_Long” exceeds the maximum allocated when converting PDFs. (ZDI-CAN-7613/ZDI-CAN-7614/ZDI-CAN-7701). |
Hao Li from ADLab of VenusTech working with Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Heap Corruption vulnerability due to the data desynchrony when adding AcroForm. |
Hui Gao and Zhaoyan Xu of Palo Alto Networks |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Information Disclosure vulnerability and crash due to the multiple release of net::IOBufferWithSize pointer. (ZDI-CAN-7769). |
Mat Powell of Trend Micro Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Use-After-Free or Out-of-Bounds Write Remote Code Execution vulnerability and crash. This occurs due to the release of wild pointer because the Resolution memory is not allocated accordingly when the ucLevel value is changed (ZDI-CAN-7696/ZDI-CAN-7694). |
Hao Li from ADLab of VenusTech working with Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Memory Corruption vulnerability due to the use of invalid pointer copy resulting from destructed string object. |
Hui Gao and Zhaoyan Xu of Palo Alto Networks |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability because it did not set the document pointer as null after deleting it by invoking XFA API (ZDI-CAN-7777). |
juggernaut working with Trend Micro Zero Day
Initiative |
|
Addressed a potential issue where the application could be exposed to IDN Homograph Attach vulnerability when a user clicked a fake link to open illegal address. |
Dr. Alfonso Muñoz (@mindcrypt) - Global Technical Cybersecurity Lead & Head of cybersecurity lab |
|
Addressed a potential issue where the application could be exposed to Cloud Drive Connection vulnerability which could allow users to freely gain access to documents on Google Drive from within the application even though it has been logged out. |
JS |
|
Addressed a potential issue where the application could be exposed to ISA Exploit Signature Validation Bypass vulnerability and deliver incorrect validation result when validating certain PDF file that is modified maliciously or contains non-standard signatures. |
Vladislav Mladenov, Christian Mainka, Martin Grothe and Jörg Schwenk of the Ruhr-Universität Bochum and Karsten Meyer zu Selhausen of Hackmanit GmbH |
|
Addressed a potential issue where the application could be exposed to JavaScript Denial of Service vulnerability when deleting pages in a document that contains only one page by calling t.hidden = true function. |
Paolo Arnolfo (@sw33tLie) |
|
Addressed potential issues where the application could be exposed to Null Pointer Reference vulnerability and crash when getting PDF object from document or parsing certain portfolio that contain null dictionary. |
Xie Haikuo from Baidu Security Lab |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability when embedding PDFs with invalid URL by calling put_src interface from Foxit Browser plugin in Microsoft Word. This occurs due to the use of illegal IBindStatusCallback object which has been freed (ZDI-CAN-7874). |
@j00sean working with Trend Micro Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write Remote Code Execution vulnerability and crash. This occurs due to the use of discrepant widget object which is transformed from invalid node appended (ZDI-CAN-7972). |
hungtt28 of Viettel Cyber Security working with Trend Micro Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution or Information Disclosure vulnerability when deleting Field with the nested scripts (ZDI-CAN-8162/ZDI-CAN-8163/ZDI-CAN-8164/ZDI-CAN-8165/ZDI-CAN-8229/ZDI-CAN-8230/ZDI-CAN-8231/ZDI-CAN-8272). |
hemidallt working with Trend Micro Zero Day
Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: April 10, 2019
Platform: macOS
Summary
Foxit has released Foxit Reader Mac 3.2, which addresses potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader Mac |
3.1.0.0111 |
macOS |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to Local Privilege Escalation vulnerability due to incorrect permission setting. Attackers could exploit this vulnerability to escalate his privileges by modifying the dynamic libraries in the PlugIns directory to execute arbitrary application. |
Antonio Zekić of INFIGO IS d.o.o. |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: January 15, 2019
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 8.3.9, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PhantomPDF |
8.3.8.39677 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read/Write vulnerability and crash when handling certain XFA element attributes. This occurs due to the failure in calculating null-terminated character string as the string does not end up with null character correctly (CVE-2018-3956). |
Aleksandar Nikolic of Cisco Talos |
|
Addressed potential issues where the application could be exposed to Signature Validation Bypass vulnerability and deliver incorrect validation result when validating certain PDF file that is modified maliciously or contains non-standard signatures (CVE-2018-18688/CVE-2018-18689). |
Vladislav Mladenov, Christian Mainka, Karsten
Meyer zu Selhausen, Martin Grothe, Jorg
Schwenk of the Ruhr-Universität Bochum |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution or Information Disclosure vulnerability due to the use of page or pointer which has been closed or freed (ZDI-CAN-7347/ZDI-CAN-7452/ZDI-CAN-7601). |
Sebastian Apelt (@bitshifter123) working with
Trend Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read Information Disclosure or Remote Code Execution vulnerability and crash when parsing certain PDF files. This occurs due to array access violation in the color space and channel or lack of proper validation of illegal palette data in the color space of the image object (ZDI-CAN-7353/ZDI-CAN-7423). |
Sebastian Feldmann from GoSecure working with Trend Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Denial of Service vulnerability and crash when handling certain images. This occurs because the application writes a 2-byte data to the end of the allocated memory without judging whether it will cause corruption. |
Asprose of Chengdu University of Information Technology |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash due to the access of null pointer when reading the TIFF data during TIFF parsing. |
Asprose of Chengdu University of Information Technology |
|
Addressed potential issues where the application could crash due to the lack of dereference of null pointer during PDF parsing. |
Asprose of Chengdu University of Information Technology |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when executing certain JavaScript. This occurs due to the use of document and its auxiliary objects which have been closed after calling closeDoc function (ZDI-CAN-7368). |
Anonymous working with Trend Micro's Zero Day
Initiative |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Remote Code Execution vulnerability when converting HTML to PDF. This occurs due to the use of pointer which has been freed (ZDI-CAN-7369). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability caused by the abnormality in V8 engine resulting from the parsing of non-standard parameters (ZDI-CAN-7453). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability due to the inconsistent row numbers resulting from inconsistent character width during control text formatting (ZDI-CAN-7576). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash. This occurs when executing certain XFA functions in crafted PDF files since the application could transform CXFA_Object to CXFA_Node without judging the data type and use the discrepant CXFA_Node directly (ZDI-CAN-7355). |
Anonymous working with Trend Micro's Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: January 8, 2019
Platform: Windows
Summary
Foxit has released Foxit PDF ActiveX 5.5.1, which addresses potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PDF ActiveX |
5.5.0 and earlier |
Windows |
Solution
Update the Foxit PDF ActiveX to the latest versions by clicking here to download the latest package from our website.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Command Injection Remote Code Execution Vulnerability. This occurs due to ActiveX not having a security permission control, which may allow JavaScript, LauchURL actions and Links to execute binary files/programs without prompting user for consent. (CVE-2018-19418/CVE-2018-19445/CVE-2018-19450/ CVE-2018-19451). |
Steven Seeley (mr_me) of Source Incite |
|
Addressed potential issues where the application could be exposed to Illegally Write Remote Code Execution Vulnerability. This occurs due to ActiveX not having a security permission control, which may allow JavaScript and exportAsFDF to write any type of files to any location without the user's consent (CVE-2018-19446/ CVE-2018-19449). |
Steven Seeley (mr_me) of Source Incite |
|
Addressed a potential issue where the application could be exposed to string1 URI Parsing Stack Based Buffer Overflow Remote Code Execution Vulnerability. This occurs due to lack of a maximum length limit for the URL where a long URL string will cause stack overflow when parsing (CVE-2018-19447). |
Steven Seeley (mr_me) of Source Incite |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution Vulnerability. This occurs when a javascript command is triggered by a mouse enter action or a focus lost which deletes the current annotation, and causes it to reference the released memory (CVE-2018-19452/ CVE-2018-19444). |
Steven Seeley (mr_me) of Source Incite |
|
Addressed a potential issue where the application could be exposed to Uninitialized Object Remote Code Execution Vulnerability. This occurs due to the fact that the timer does not end when the form loses focus, which causes subsequent code to reference uninitialized objects (CVE-2018-19448). |
Steven Seeley (mr_me) of Source Incite |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: January 3, 2019
Platform: Windows
Summary
Foxit has released Foxit Reader 9.4 and Foxit PhantomPDF 9.4, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
9.3.0.10826 and earlier |
Windows |
|
Foxit PhantomPDF |
9.3.0.10826 and all previous 9.x versions, 8.3.8.39677 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read/Write vulnerability and crash when handling certain XFA element attributes. This occurs due to the failure in calculating null-terminated character string as the string does not end up with null character correctly (CVE-2018-3956). |
Aleksandar Nikolic of Cisco Talos |
|
Addressed potential issues where the application could be exposed to Signature Validation Bypass vulnerability and deliver incorrect validation result when validating certain PDF file that is modified maliciously or contains non-standard signatures (CVE-2018-18688/CVE-2018-18689). |
Vladislav Mladenov, Christian Mainka, Karsten
Meyer zu Selhausen, Martin Grothe, Jorg
Schwenk of the Ruhr-Universität Bochum |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution or Information Disclosure vulnerability due to the use of page or pointer which has been closed or freed (ZDI-CAN-7347/ZDI-CAN-7452/ZDI-CAN-7601). |
Sebastian Apelt (@bitshifter123) working with
Trend Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read Information Disclosure or Remote Code Execution vulnerability and crash when parsing certain PDF files. This occurs due to array access violation in the color space and channel or lack of proper validation of illegal palette data in the color space of the image object (ZDI-CAN-7353/ZDI-CAN-7423). |
Sebastian Feldmann from GoSecure working with Trend Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Denial of Service vulnerability and crash when handling certain images. This occurs because the application writes a 2-byte data to the end of the allocated memory without judging whether it will cause corruption. |
Asprose of Chengdu University of Information Technology |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash due to the access of null pointer when reading the TIFF data during TIFF parsing. |
Asprose of Chengdu University of Information Technology |
|
Addressed potential issues where the application could crash due to the lack of dereference of null pointer during PDF parsing. |
Asprose of Chengdu University of Information Technology |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when executing certain JavaScript. This occurs due to the use of document and its auxiliary objects which have been closed after calling closeDoc function (ZDI-CAN-7368). |
Anonymous working with Trend Micro's Zero Day
Initiative |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Remote Code Execution vulnerability when converting HTML to PDF. This occurs due to the use of pointer which has been freed (ZDI-CAN-7369). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability caused by the abnormality in V8 engine resulting from the parsing of non-standard parameters (ZDI-CAN-7453). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability due to the inconsistent row numbers resulting from inconsistent character width during control text formatting (ZDI-CAN-7576). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash. This occurs when executing certain XFA functions in crafted PDF files since the application could transform CXFA_Object to CXFA_Node without judging the data type and use the discrepant CXFA_Node directly (ZDI-CAN-7355). |
Anonymous working with Trend Micro's Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: January 3, 2019
Platform: Windows
Summary
Foxit has released 3D Plugin Beta 9.4.0.16807 for Foxit Reader and PhantomPDF, which addresses potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
3D Plugin Beta |
9.3.0.10826 and earlier |
Windows |
Solution
Update the 3D Plugin Beta to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Write vulnerability and crash if users were using 3D Plugin Beta. This occurs when handling certain PDF file that embeds specifically crafted 3D content due to the improper handling of logic exception in IFXASSERT function (CVE-2019-6982). |
Wei Lei from STAR Labs |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Indexing or Heap Overflow vulnerability and crash if users were using 3D Plugin Beta. This occurs when handling certain PDF file that embeds specifically crafted 3D content due to array access violation (CVE-2019-6983). |
Wei Lei from STAR Labs |
|
Addressed a potential issue where the application could be exposed to Integer Overflow vulnerability and crash if users were using 3D Plugin Beta. This occurs when handling certain PDF file that embeds specifically crafted 3D content due to the free of valid memory (CVE-2019-6984). |
Wei Lei from STAR Labs |
|
Address potential issues where the application could be exposed to Use-After-Free or Type Confusion vulnerability and crash if users were using 3D Plugin Beta. This occurs when handing certain PDF file that embeds specifically crafted 3D content due to the use of wild pointer (CVE-2019-6985). |
Wei Lei from STAR Labs |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: December 17, 2018
Platform: Windows, macOS, Linux, Android, iOS
Summary
Foxit has released Quick PDF Library 16.12, which addresses potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Quick PDF Library |
16.11 and earlier |
Windows, macOS, Linux, Android, iOS |
Solution
Visit our website or contact support to download the updated version of Quick PDF Library.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed an issue where loading a malformed or malicious PDF containing a recursive page tree structure using the LoadFromFile, LoadFromString or LoadFromStream functions results in a stack overflow. |
Gal Elbaz, Alon Boxiner, Eran Vaknin and Noa Novogroder from Check Point Software Technologies |
|
Addressed an issue where loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out of bounds memory access. |
Gal Elbaz, Alon Boxiner, Eran Vaknin and Noa Novogroder from Check Point Software Technologies |
|
Addressed an issue where loading a malformed or malicious PDF containing invalid xref entries using the DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out of bounds memory access. |
Gal Elbaz, Alon Boxiner, Eran Vaknin and Noa Novogroder from Check Point Software Technologies |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: November 23, 2018
Platform: Windows
Summary
Foxit has released 3D Plugin Beta 8.3.8.1122 for PhantomPDF, which addresses potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
3D Plugin Beta |
8.3.8.39677 and earlier |
Windows |
Solution
Update the 3D Plugin Beta to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash if users were using 3D Plugin Beta. This occurs due to the use the null pointer or pointer access violation in U3D engine during U3D parsing (CVE-2018-18933/CVE-2018-19341/CVE-2018-19345/CVE-2018-19344). |
Asprose of Chengdu University of Information Technology |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash if users were using 3D Plugin Beta. This occurs due to JPEG parsing error in IFXCore of the U3D engine during U3D parsing. (CVE-2018-19348/CVE-2018-19346/CVE-2018-19347). |
Asprose of Chengdu University of Information Technology |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash if users were using 3D Plugin Beta. This is caused by the array access violation in IFXCore of the U3D engine (CVE-2018-19342). |
Asprose of Chengdu University of Information Technology |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash if users were using 3D Plugin Beta due to the incorrect logic in IFXCore of the U3D engine (CVE-2018-19343). |
Asprose of Chengdu University of Information Technology |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: November 23, 2018
Platform: Windows
Summary
Foxit has released 3D Plugin Beta 9.3.0.10830 for Foxit Reader and PhantomPDF, which addresses potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
3D Plugin Beta |
9.3.0.10809 and all previous 9.x versions |
Windows |
Solution
Update the 3D Plugin Beta to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash if users were using 3D Plugin Beta. This occurs due to the use the null pointer or pointer access violation in U3D engine during U3D parsing (CVE-2018-18933/CVE-2018-19341/CVE-2018-19345/CVE-2018-19344). |
Asprose of Chengdu University of Information Technology |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash if users were using 3D Plugin Beta. This occurs due to JPEG parsing error in IFXCore of the U3D engine during U3D parsing. (CVE-2018-19348/CVE-2018-19346/CVE-2018-19347). |
Asprose of Chengdu University of Information Technology |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash if users were using 3D Plugin Beta. This is caused by the array access violation in IFXCore of the U3D engine (CVE-2018-19342). |
Asprose of Chengdu University of Information Technology |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash if users were using 3D Plugin Beta due to the incorrect logic in IFXCore of the U3D engine (CVE-2018-19343). |
Asprose of Chengdu University of Information Technology |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: November 2, 2018
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 8.3.8, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PhantomPDF |
8.3.7.38093 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Access/Write/Read or Use-After-Free vulnerability and crash when parsing non-integer strings during the conversion of HTML files to PDFs, which could be exploited by attackers to execute remote code (ZDI-CAN-6230/ZDI-CAN-7128/ZDI-CAN-7129/ZDI-CAN-7130/ZDI-CAN-7131/ZDI-CAN-7132). |
bit - MeePwn team working with Trend Micro's
Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution or Out-of-Bounds Read Information Disclosure vulnerability and crash. This occurs when executing certain JavaScript due to the use of document and its auxiliary objects which have been closed after calling closeDoc function (ZDI-CAN-6333/ZDI-CAN-6334/ZDI-CAN-6335/ZDI-CAN-6336/ZDI-CAN-6352/ZDI-CAN-6353/ZDI-CAN-6355/ZDI-CAN-6434/ZDI-CAN-6435/ZDI-CAN-6435/ZDI-CAN-6354/CVE-2018-3940/CVE-2018-3941/CVE-2018-3942/CVE-2018-3943/CVE-2018-3944/CVE-2018-3945/CVE-2018-3946/CVE-2018-3957/CVE-2018-3962/CVE-2018-3958/CVE-2018-3959/CVE-2018-3960/CVE-2018-3961/CVE-2018-3964/CVE-2018-3965/CVE-2018-3966/CVE-2018-3967/ZDI-CAN-6439/ZDI-CAN-6455/ZDI-CAN-6471/ZDI-CAN-6472/ZDI-CAN-6473/ZDI-CAN-6474/ZDI-CAN-6475/ZDI-CAN-6477/ZDI-CAN-6478/ZDI-CAN-6479/ZDI-CAN-6480/ZDI-CAN-6481/ZDI-CAN-6482/ZDI-CAN-6483/ZDI-CAN-6484/ZDI-CAN-6485/ZDI-CAN-6486/ZDI-CAN-6487/ZDI-CAN-6501/ZDI-CAN-6502/ZDI-CAN-6503/ZDI-CAN-6504/ZDI-CAN-6505/ZDI-CAN-6506/ZDI-CAN-6507/ZDI-CAN-6509/ZDI-CAN-6511/ ZDI-CAN-6512/ZDI-CAN-6513/ZDI-CAN-6514/ZDI-CAN-6517/ZDI-CAN-6518/ZDI-CAN-6519/ZDI-CAN-6520/ZDI-CAN-6521/ZDI-CAN-6522/ZDI-CAN-6523/ZDI-CAN-6524/ ZDI-CAN-6817/ZDI-CAN-6848/ZDI-CAN-6849/ZDI-CAN-6850/ZDI-CAN-6851/ZDI-CAN-6915/ZDI-CAN-7141/ZDI-CAN-7163/ZDI-CAN-6470/ZDI-CAN-7103/ZDI-CAN-7138/ZDI-CAN-7169/ZDI-CAN-7170/CVE-2018-3993/CVE-2018-3994/CVE-2018-3995/CVE-2018-3996/CVE-2018-3997/ZDI-CAN-7067/CVE-2018-16291/CVE-2018-16293/CVE-2018-16295/CVE-2018-16296/CVE-2018-16297/CVE-2018-16294/CVE-2018-16292/ZDI-CAN-7253/ZDI-CAN-7252/ZDI-CAN-7254/ZDI-CAN-7255). |
Steven Seeley (mr_me) of Source Incite working
with Trend Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability when opening a malicious file. This occurs because a dialog box pops up repeatedly, which prevents the application to be closed (ZDI-CAN-6438/ZDI-CAN-6458). |
Esteban Ruiz (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability due to the use of objects which have been deleted or closed (ZDI-CAN-6614/ZDI-CAN-6616). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash. This occurs due to the use of a control object after is has been deleted within static XFA layout, or the access of a wild pointer resulting from a deleted object after XFA re-layout (ZDI-CAN-6500/ZDI-CAN-6700). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability when handing certain properties of Annotation objects due to the use of freed objects (ZDI-CAN-6498/ZDI-CAN-6499/ZDI-CAN-6820/ZDI-CAN-6845/ ZDI-CAN-7157). |
Kamlapati Choubey of Trend Micro Security
Research working with Trend Micro's Zero Day
Initiative |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when processing malicious PDF documents or certain properties of a PDF form. This occurs because the application continues to set value for the field object after it has been removed (ZDI-CAN-6890/ZDI-CAN-7068/ZDI-CAN-7069/ZDI-CAN-7070/ZDI-CAN-7145). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Uninitialized Object Information Disclosure vulnerability since there exists an uninitialized object when creating ArrayBuffer and DataView objects (CVE-2018-17781). |
Steven Seeley (mr_me) of Source Incite working with iDefense Labs |
|
Addressed a potential issue where the application could be exposed to Memory Corruption vulnerability when getting pageIndex object without an initial value (CVE-2018-3992). |
Abago Forgans |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability when processing the Lower () method of a XFA object due to the abnormal data access resulting from the different definition of object character length in WideString and ByteString (ZDI-CAN-6617). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Type Confusion Remote Code Execution vulnerability due to the use of a null pointer without validation (ZDI-CAN-6819). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read information Disclosure vulnerability and crash when parsing certain BMP images due to the access of invalid address (ZDI-CAN-6844). |
kdot working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability when processing a PDF file which contains non-standard signatures. This issue results from the lack of proper validation when getting null value within the obtaining of signature information using OpenSSL as the written signature information is incorrect (ZDI-CAN-7073). |
Sebastian Feldmann from GoSecure working with Trend Micro's Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: September 28, 2018
Platform: Windows
Summary
Foxit has released Foxit Reader 9.3 and Foxit PhantomPDF 9.3, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
9.2.0.9297 and earlier |
Windows |
|
Foxit PhantomPDF |
9.2.0.9297 and all previous 9.x versions, 8.3.7.38093 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Access/Write/Read or Use-After-Free vulnerability and crash when parsing non-integer strings during the conversion of HTML files to PDFs, which could be exploited by attackers to execute remote code (ZDI-CAN-6230/ZDI-CAN-7128/ZDI-CAN-7129/ZDI-CAN-7130/ZDI-CAN-7131/ZDI-CAN-7132). |
bit - MeePwn team working with Trend Micro's
Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution or Out-of-Bounds Read Information Disclosure vulnerability and crash. This occurs when executing certain JavaScript due to the use of document and its auxiliary objects which have been closed after calling closeDoc function (ZDI-CAN-6333/ZDI-CAN-6334/ZDI-CAN-6335/ZDI-CAN-6336/ZDI-CAN-6352/ZDI-CAN-6353/ZDI-CAN-6355/ZDI-CAN-6434/ZDI-CAN-6435/ZDI-CAN-6435/ZDI-CAN-6354/CVE-2018-3940/CVE-2018-3941/CVE-2018-3942/CVE-2018-3943/CVE-2018-3944/CVE-2018-3945/CVE-2018-3946/CVE-2018-3957/CVE-2018-3962/CVE-2018-3958/CVE-2018-3959/CVE-2018-3960/CVE-2018-3961/CVE-2018-3964/CVE-2018-3965/CVE-2018-3966/CVE-2018-3967/ZDI-CAN-6439/ZDI-CAN-6455/ZDI-CAN-6471/ZDI-CAN-6472/ZDI-CAN-6473/ZDI-CAN-6474/ZDI-CAN-6475/ZDI-CAN-6477/ZDI-CAN-6478/ZDI-CAN-6479/ZDI-CAN-6480/ZDI-CAN-6481/ZDI-CAN-6482/ZDI-CAN-6483/ZDI-CAN-6484/ZDI-CAN-6485/ZDI-CAN-6486/ZDI-CAN-6487/ZDI-CAN-6501/ZDI-CAN-6502/ZDI-CAN-6503/ZDI-CAN-6504/ZDI-CAN-6505/ZDI-CAN-6506/ZDI-CAN-6507/ZDI-CAN-6509/ZDI-CAN-6511/ ZDI-CAN-6512/ZDI-CAN-6513/ZDI-CAN-6514/ZDI-CAN-6517/ZDI-CAN-6518/ZDI-CAN-6519/ZDI-CAN-6520/ZDI-CAN-6521/ZDI-CAN-6522/ZDI-CAN-6523/ZDI-CAN-6524/ ZDI-CAN-6817/ZDI-CAN-6848/ZDI-CAN-6849/ZDI-CAN-6850/ZDI-CAN-6851/ZDI-CAN-6915/ZDI-CAN-7141/ZDI-CAN-7163/ZDI-CAN-6470/ZDI-CAN-7103/ZDI-CAN-7138/ZDI-CAN-7169/ZDI-CAN-7170/CVE-2018-3993/CVE-2018-3994/CVE-2018-3995/CVE-2018-3996/CVE-2018-3997/ZDI-CAN-7067/CVE-2018-16291/CVE-2018-16293/CVE-2018-16295/CVE-2018-16296/CVE-2018-16297/CVE-2018-16294/CVE-2018-16292/ZDI-CAN-7253/ZDI-CAN-7252/ZDI-CAN-7254/ZDI-CAN-7255). |
Steven Seeley (mr_me) of Source Incite working
with Trend Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability when opening a malicious file. This occurs because a dialog box pops up repeatedly, which prevents the application to be closed (ZDI-CAN-6438/ZDI-CAN-6458). |
Esteban Ruiz (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability due to the use of objects which have been deleted or closed (ZDI-CAN-6614/ZDI-CAN-6616). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash. This occurs due to the use of a control object after is has been deleted within static XFA layout, or the access of a wild pointer resulting from a deleted object after XFA re-layout (ZDI-CAN-6500/ZDI-CAN-6700). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability when handing certain properties of Annotation objects due to the use of freed objects (ZDI-CAN-6498/ZDI-CAN-6499/ZDI-CAN-6820/ZDI-CAN-6845/ ZDI-CAN-7157). |
Kamlapati Choubey of Trend Micro Security
Research working with Trend Micro's Zero Day
Initiative |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when processing malicious PDF documents or certain properties of a PDF form. This occurs because the application continues to set value for the field object after it has been removed (ZDI-CAN-6890/ZDI-CAN-7068/ZDI-CAN-7069/ZDI-CAN-7070/ZDI-CAN-7145). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Uninitialized Object Information Disclosure vulnerability since there exists an uninitialized object when creating ArrayBuffer and DataView objects (CVE-2018-17781). |
Steven Seeley (mr_me) of Source Incite working with iDefense Labs |
|
Addressed a potential issue where the application could be exposed to Memory Corruption vulnerability when getting pageIndex object without an initial value (CVE-2018-3992). |
Abago Forgans |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability when processing the Lower () method of a XFA object due to the abnormal data access resulting from the different definition of object character length in WideString and ByteString (ZDI-CAN-6617). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Type Confusion Remote Code Execution vulnerability due to the use of a null pointer without validation (ZDI-CAN-6819). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read information Disclosure vulnerability and crash when parsing certain BMP images due to the access of invalid address (ZDI-CAN-6844). |
kdot working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability when processing a PDF file which contains non-standard signatures. This issue results from the lack of proper validation when getting null value within the obtaining of signature information using OpenSSL as the written signature information is incorrect (ZDI-CAN-7073). |
Sebastian Feldmann from GoSecure working with Trend Micro's Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the Foxit E-mail adverting system that used Interspire Email Marketer service could be exposed to Interspire Email Marketer Remote Admin Authentication Bypass vulnerability, which could be exploited by attackers to disclose information. |
Velayutham Selvaraj of TwinTech Solutions |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: September 18, 2018
Platform: Linux
Summary
Foxit has released Foxit Reader 2.4.4, which addresses a potential security and stability issue.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
2.4.1.0609 and earlier |
Linux |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to Denial of Service vulnerability and crash due to null pointer access. |
L5 of Qihoo 360 Vulcan Team |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: August 16, 2018
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 8.3.7, which addresses potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PhantomPDF |
8.3.6.35572 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash due to the use of object, pointer, or document which has been freed or closed (ZDI-CAN-5415/ZDI-CAN-5416/ZDI-CAN-5417/V-88f4smlocs/ZDI-CAN-5771/ZDI-CAN-6231/ZDI-CAN-6232/ZDI-CAN-6233/ ZDI-CAN-6211/ZDI-CAN-6212/ZDI-CAN-6213/ZDI-CAN-6327/ZDI-CAN-6328/ZDI-CAN-6214/ZDI-CAN-6215/ZDI-CAN-6216/ZDI-CAN-6217/ZDI-CAN-6218/ZDI-CAN-6219/ZDI-CAN-6220/ZDI-CAN-6265/ZDI-CAN-6266/ZDI-CAN-6267/ZDI-CAN-6326/ZDI-CAN-6329/ZDI-CAN-6330/ CVE-2018-3924/CVE-2018-3939). |
Anonymous working with Trend Micro's Zero Day
Initiative |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write vulnerability when parsing or converting JPG files due to access violation on pointer, which could be exploited by attackers to disclose information or execute remote code (ZDI-CAN-5756/ZDI-CAN-5896/ZDI-CAN-5873). |
soiax working with Trend Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerability when calling addAdLayer function since the certain object in the function is replaced (ZDI-CAN-6003/ZDI-CAN-6004/ZDI-CAN-6005/ZDI-CAN-6006/ZDI-CAN-6007/ZDI-CAN-6008/ZDI-CAN-6009/ZDI-CAN-6010/ZDI-CAN-6011/ZDI-CAN-6012/ZDI-CAN-6013/ZDI-CAN-6014/ZDI-CAN-6015/ZDI-CAN-6016/ZDI-CAN-6017/ZDI-CAN-6018/ZDI-CAN-6019/ZDI-CAN-6020/ZDI-CAN-6021/ZDI-CAN-6022/ZDI-CAN-6023/ZDI-CAN-6024/ZDI-CAN-6025/ZDI-CAN-6026/ZDI-CAN-6027/ZDI-CAN-6028/ZDI-CAN-6029/ZDI-CAN-6030/ZDI-CAN-6031/ZDI-CAN-6032/ZDI-CAN-6033/ZDI-CAN-6034/ZDI-CAN-6035/ZDI-CAN-6036/ZDI-CAN-6037/ZDI-CAN-6038/ZDI-CAN-6039/ZDI-CAN-6058/ZDI-CAN-6059/ZDI-CAN-6060/ZDI-CAN-5770/ZDI-CAN-5773). |
nsfocus security team working with Trend
Micro's Zero Day Initiative |
| Addressed potential issues where the application could be exposed to Arbitrary File Write vulnerability when executing exportAsFDF or exportData JavaScript since the application does not properly validate the file type to be exported, which could lead to remote code execution (ZDI-CAN-5619/ZDI-CAN-6332/ZDI-CAN-5757). |
Steven Seeley (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerability and crash. This occurs when executing certain JavaScript functions since the application could transform non-XFA-node to XFA-node and use the discrepant XFA-node directly (ZDI-CAN-5641/ZDI-CAN-5642/ZDI-CAN-5774/ZDI-CAN-6331). |
nsfocus security team working with Trend
Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Uninitialized Pointer Remote Code Execution vulnerability. This occurs since the array object is transformed and used as dictionary object in the cases where inline image dictionary contains invalid dictionary end symbol and array start symbol which leads to inline image to be released and new array object to be added (ZDI-CAN-5763/ZDI-CAN-6221). |
Steven Seeley (mr_me) of Source Incite working
with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to NTLM Credentials Theft vulnerability when executing GoToE & GoToR action, which could lead to information disclosure. |
Deepu |
|
Addressed a potential issue where the application could be exposed to Heap-based Buffer Overflow Remote Code Execution vulnerability and crash due to out of bound of array when parsing a malformed PDF file (ZDI-CAN-6222). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Integer Overflow Remote Code Execution vulnerability and crash since the value read from a crafted PDF file exceeds the maximum value the data type can represent (ZDI-CAN-6223). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Type Confusion Remote Code Execution vulnerability since the ICCBased color space is replaced with Pattern color space when the application parses “ColorSpace” within a PDF (ZDI-CAN-6362/ZDI-CAN-6683). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash due to improper handling of process when executing GetAssociatedPageIndex function (ZDI-CAN-6351). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could crash when executing var test = new ArrayBuffer(0xfffffffe) JavaScript due to large buffer application. |
Zhiyuan Wang of Chengdu Qihoo360 Tech Co. Ltd |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: July 19, 2018
Platform: Windows
Summary
Foxit has released Foxit Reader 9.2 and Foxit PhantomPDF 9.2, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
9.1.0.5096 and earlier |
Windows |
|
Foxit PhantomPDF |
9.1.0.5096 and all previous 9.x versions, 8.3.6.35572 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash due to the use of object, pointer, or document which has been freed or closed (ZDI-CAN-5415/ZDI-CAN-5416/ZDI-CAN-5417/V-88f4smlocs/ZDI-CAN-5771/ZDI-CAN-6231/ZDI-CAN-6232/ZDI-CAN-6233/ ZDI-CAN-6211/ZDI-CAN-6212/ZDI-CAN-6213/ZDI-CAN-6327/ZDI-CAN-6328/ZDI-CAN-6214/ZDI-CAN-6215/ZDI-CAN-6216/ZDI-CAN-6217/ZDI-CAN-6218/ZDI-CAN-6219/ZDI-CAN-6220/ZDI-CAN-6265/ZDI-CAN-6266/ZDI-CAN-6267/ZDI-CAN-6326/ZDI-CAN-6329/ZDI-CAN-6330/ CVE-2018-3924/CVE-2018-3939). |
Anonymous working with Trend Micro's Zero Day
Initiative |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write vulnerability when parsing or converting JPG files due to access violation on pointer, which could be exploited by attackers to disclose information or execute remote code (ZDI-CAN-5756/ZDI-CAN-5896/ZDI-CAN-5873). |
soiax working with Trend Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerability when calling addAdLayer function since the certain object in the function is replaced (ZDI-CAN-6003/ZDI-CAN-6004/ZDI-CAN-6005/ZDI-CAN-6006/ZDI-CAN-6007/ZDI-CAN-6008/ZDI-CAN-6009/ZDI-CAN-6010/ZDI-CAN-6011/ZDI-CAN-6012/ZDI-CAN-6013/ZDI-CAN-6014/ZDI-CAN-6015/ZDI-CAN-6016/ZDI-CAN-6017/ZDI-CAN-6018/ZDI-CAN-6019/ZDI-CAN-6020/ZDI-CAN-6021/ZDI-CAN-6022/ZDI-CAN-6023/ZDI-CAN-6024/ZDI-CAN-6025/ZDI-CAN-6026/ZDI-CAN-6027/ZDI-CAN-6028/ZDI-CAN-6029/ZDI-CAN-6030/ZDI-CAN-6031/ZDI-CAN-6032/ZDI-CAN-6033/ZDI-CAN-6034/ZDI-CAN-6035/ZDI-CAN-6036/ZDI-CAN-6037/ZDI-CAN-6038/ZDI-CAN-6039/ZDI-CAN-6058/ZDI-CAN-6059/ZDI-CAN-6060/ZDI-CAN-5770/ZDI-CAN-5773). |
nsfocus security team working with Trend
Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Arbitrary File Write vulnerability when executing exportAsFDF or exportData JavaScript since the application does not properly validate the file type to be exported, which could lead to remote code execution (ZDI-CAN-5619/ZDI-CAN-6332/ZDI-CAN-5757). |
Steven Seeley (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerability and crash. This occurs when executing certain JavaScript functions since the application could transform non-XFA-node to XFA-node and use the discrepant XFA-node directly (ZDI-CAN-5641/ZDI-CAN-5642/ZDI-CAN-5774/ZDI-CAN-6331). |
nsfocus security team working with Trend
Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Uninitialized Pointer Remote Code Execution vulnerability. This occurs since the array object is transformed and used as dictionary object in the cases where inline image dictionary contains invalid dictionary end symbol and array start symbol which leads to inline image to be released and new array object to be added (ZDI-CAN-5763/ZDI-CAN-6221). |
Steven Seeley (mr_me) of Source Incite working
with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to NTLM Credentials Theft vulnerability when executing GoToE & GoToR action, which could lead to information disclosure. |
Deepu |
|
Addressed a potential issue where the application could be exposed to Heap-based Buffer Overflow Remote Code Execution vulnerability and crash due to out of bound of array when parsing a malformed PDF file (ZDI-CAN-6222). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Integer Overflow Remote Code Execution vulnerability and crash since the value read from a crafted PDF file exceeds the maximum value the data type can represent (ZDI-CAN-6223). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Type Confusion Remote Code Execution vulnerability since the ICCBased color space is replaced with Pattern color space when the application parses “ColorSpace” within a PDF (ZDI-CAN-6362/ZDI-CAN-6683). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash due to improper handling of process when executing GetAssociatedPageIndex function (ZDI-CAN-6351). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could crash when executing var test = new ArrayBuffer(0xfffffffe) JavaScript due to large buffer application. |
Zhiyuan Wang of Chengdu Qihoo360 Tech Co. Ltd |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: May 7, 2018
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 8.3.6, which addresses potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PhantomPDF |
8.3.5.30351 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to Unsafe DLL Loading vulnerability since the application passes an insufficiently qualified path in loading an external library when a user launches the application, which could be exploited by attackers to execute remote code by placing a malicious DLL in the specified path directory. |
Ye Yint Min Thu htut |
|
Addressed potential issues where the application could be exposed to Heap Buffer Overflow Remote Code Execution vulnerability and crash with abusing certain function calls. (CVE-2017-17557/ZDI-CAN-5472/ZDI-CAN-5895/ZDI-CAN-5473). |
Steven Seeley (mr_me) of Source Incite |
|
Addressed potential issues where the application could be exposed to Use-After-Free vulnerability due to the use of freed object when executing JavaScript or invoking certain functions to get object properties, which could be exploited by attackers to execute remote code (CVE-2017-14458/ZDI-CAN-5436/ZDI-CAN-5527/ZDI-CAN-5528/ZDI-CAN-5529/ZDI-CAN-5531/ZDI-CAN-5617/ZDI-CAN-5618/ZDI-CAN-5620/ZDI-CAN-5579/ZDI-CAN-5580/ZDI-CAN-5488/ZDI-CAN-5489/ZDI-CAN-5312/ZDI-CAN-5432/ ZDI-CAN-5433/ZDI-CAN-5434/ZDI-CAN-5435/ZDI-CAN-5568/ZDI-CAN-5491/ZDI-CAN-5379/ZDI-CAN-5382). |
Aleksandar Nikolic of Cisco Talos |
|
Addressed potential issues where the application could be exposed to Uninitialized Memory/Pointer Information Disclosure or Remote Code Execution vulnerabilities due to the use of uninitialized new Uint32Array object or member variables in PrintParams or m_pCurContex objects (ZDI-CAN-5437/ZDI-CAN-5438/CVE-2018-3842/ ZDI-CAN-5380). |
Steven Seeley of Source Incite working with
Trend Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write Remote Code Execution or Information Disclosure vulnerability and crash due to incorrect memory allocation, memory commit, memory access, or array access (ZDI-CAN-5442/ZDI-CAN-5490/ZDI-CAN-5413/ZDI-CAN-5754/ZDI-CAN-5755/ZDI-CAN-5758). |
Phil Blankenship of Cerberus Security working
with Trend Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerabilities and crash. This occurs when executing certain XFA functions in crafted PDF files since the application could transform non-CXFA_Object to CXFA_Object without judging the data type and use the discrepant CXFA_Object to get layout object directly (ZDI-CAN-5370/ZDI-CAN-5371/ZDI-CAN-5372/ZDI-CAN-5373/ ZDI-CAN-5374/ZDI-CAN-5375/ZDI-CAN-5376/ZDI-CAN-5377). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Use-After-Free Information Disclosure or Remote Code Execution vulnerability and crash since the application could continue to traverse pages after the document has been closed or free certain objects repeatedly (ZDI-CAN-5471/ZDI-CAN-5414/CVE-2018-3853). |
willJ of Tencent PC Manager working with Trend
Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Remote Code Execution or Information Disclosure vulnerability by abusing GoToE & GoToR Actions to open or run arbitrary executable applications on a target system. |
Assaf Baharav of Threat Response Research Team |
|
Addressed a potential issues where when the application is not running in Safe-Reading-Mode, it could be exposed to Out-of-Bounds Read Information Disclosure vulnerability with abusing the _JP2_Codestream_Read_SOT function (ZDI-CAN-5549). |
soiax working with Trend Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to User-After-Free Remote Code Execution vulnerability due to the use of object which has been closed or removed (ZDI-CAN-5569/ZDI-CAN-5570/ZDI-CAN-5571/ZDI-CAN-5572/CVE-2018-3850/ZDI-CAN-5762/CVE-2018-10303/CVE-2018-10302). |
Steven Seeley (mr_me) of Source Incite working
with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Type Confusion vulnerability when parsing files with associated file annotations due to dereference of an object of invalid type, which could lead to sensitive memory disclosure or arbitrary code execution (CVE-2018-3843). |
Aleksandar Nikolic of Cisco Talos |
|
Addressed a potential issue where the application could crash when opening a PDF in a browser from Microsoft Word since the application did not handle a COM object properly. |
Anurudh |
|
Addressed a potential issue where the application could be exposed to arbitrary application execution vulnerability since users could embed executable files to PDF portfolio from within the application (FG-VD-18-029). |
Chris Navarrete of Fortinet's FortiGuard Labs |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: April 19, 2018
Platform: Windows
Summary
Foxit has released Foxit Reader 9.1 and Foxit PhantomPDF 9.1, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
9.0.1.1049 and earlier |
Windows |
|
Foxit PhantomPDF |
9.0.1.1049, 9.0.0.29935, 8.3.5.30351 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to Unsafe DLL Loading vulnerability since the application passes an insufficiently qualified path in loading an external library when a user launches the application, which could be exploited by attackers to execute remote code by placing a malicious DLL in the specified path directory. |
Ye Yint Min Thu htut |
|
Addressed potential issues where the application could be exposed to Heap Buffer Overflow Remote Code Execution vulnerability and crash with abusing certain function calls. (CVE-2017-17557/ZDI-CAN-5472/ZDI-CAN-5895/ZDI-CAN-5473). |
Steven Seeley (mr_me) of Source Incite |
|
Addressed potential issues where the application could be exposed to Use-After-Free vulnerability due to the use of freed object when executing JavaScript or invoking certain functions to get object properties, which could be exploited by attackers to execute remote code (CVE-2017-14458/ZDI-CAN-5436/ZDI-CAN-5527/ZDI-CAN-5528/ZDI-CAN-5529/ZDI-CAN-5531/ZDI-CAN-5617/ZDI-CAN-5618/ZDI-CAN-5620/ZDI-CAN-5579/ZDI-CAN-5580/ZDI-CAN-5488/ZDI-CAN-5489/ZDI-CAN-5312/ZDI-CAN-5432/ ZDI-CAN-5433/ZDI-CAN-5434/ZDI-CAN-5435/ZDI-CAN-5568/ZDI-CAN-5491/ZDI-CAN-5379/ZDI-CAN-5382). |
Aleksandar Nikolic of Cisco Talos |
|
Addressed potential issues where the application could be exposed to Uninitialized Memory/Pointer Information Disclosure or Remote Code Execution vulnerabilities due to the use of uninitialized new Uint32Array object or member variables in PrintParams or m_pCurContex objects (ZDI-CAN-5437/ZDI-CAN-5438/CVE-2018-3842/ ZDI-CAN-5380). |
Steven Seeley of Source Incite working with
Trend Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write Remote Code Execution or Information Disclosure vulnerability and crash due to incorrect memory allocation, memory commit, memory access, or array access (ZDI-CAN-5442/ZDI-CAN-5490/ZDI-CAN-5413/ZDI-CAN-5754/ZDI-CAN-5755/ZDI-CAN-5758). |
Phil Blankenship of Cerberus Security working
with Trend Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerabilities and crash. This occurs when executing certain XFA functions in crafted PDF files since the application could transform non-CXFA_Object to CXFA_Object without judging the data type and use the discrepant CXFA_Object to get layout object directly (ZDI-CAN-5370/ZDI-CAN-5371/ZDI-CAN-5372/ZDI-CAN-5373/ ZDI-CAN-5374/ZDI-CAN-5375/ZDI-CAN-5376/ZDI-CAN-5377). |
Anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to Use-After-Free Information Disclosure or Remote Code Execution vulnerability and crash since the application could continue to traverse pages after the document has been closed or free certain objects repeatedly (ZDI-CAN-5471/ZDI-CAN-5414/CVE-2018-3853). |
willJ of Tencent PC Manager working with Trend
Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Remote Code Execution or Information Disclosure vulnerability by abusing GoToE & GoToR Actions to open or run arbitrary executable applications on a target system. |
Assaf Baharav of Threat Response Research Team |
|
Addressed a potential issues where when the application is not running in Safe-Reading-Mode, it could be exposed to Out-of-Bounds Read Information Disclosure vulnerability with abusing the _JP2_Codestream_Read_SOT function (ZDI-CAN-5549). |
soiax working with Trend Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to User-After-Free Remote Code Execution vulnerability due to the use of object which has been closed or removed (ZDI-CAN-5569/ZDI-CAN-5570/ZDI-CAN-5571/ZDI-CAN-5572/CVE-2018-3850/ZDI-CAN-5762/CVE-2018-10303/CVE-2018-10302). |
Steven Seeley (mr_me) of Source Incite working
with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Type Confusion vulnerability when parsing files with associated file annotations due to dereference of an object of invalid type, which could lead to sensitive memory disclosure or arbitrary code execution (CVE-2018-3843). |
Aleksandar Nikolic of Cisco Talos |
|
Addressed a potential issue where the application could crash when opening a PDF in a browser from Microsoft Word since the application did not handle a COM object properly. |
Anurudh |
|
Addressed a potential issue where the application could be exposed to arbitrary application execution vulnerability since users could embed executable files to PDF portfolio from within the application (FG-VD-18-029). |
Chris Navarrete of Fortinet's FortiGuard Labs |
|
Addressed potential issues where the application could be exposed to U3D Out-of-Bounds Read/Write/Access vulnerabilities, which could lead to information disclosure or remote code execution (ZDI-CAN-5425/ZDI-CAN-5428/ ZDI-CAN-5429/ZDI-CAN-5430/ZDI-CAN-5483/ZDI-CAN-5494/ZDI-CAN-5495/ZDI-CAN-5393/ZDI-CAN-5394/ZDI-CAN-5395/ZDI-CAN-5396/ZDI-CAN-5397/ZDI-CAN-5399/ ZDI-CAN-5401/ZDI-CAN-5408/ZDI-CAN-5409/ZDI-CAN-5410/ZDI-CAN-5412/ZDI-CAN-5418/ZDI-CAN-5419/ZDI-CAN-5421/ZDI-CAN-5422/ZDI-CAN-5423/ZDI-CAN-5424/ CVE-2018-5675/CVE-2018-5677/CVE-2018-5679/CVE-2018-5680/ZDI-CAN-5392/ZDI-CAN-5426). |
kdot working with Trend Micro's Zero Day
Initiative |
|
Addressed potential issues where the application could be exposed to U3D Use-After-Free vulnerabilities, which could lead to remote code execution (ZDI-CAN-5427). |
kdot working with Trend Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to U3D Uninitialized Pointer vulnerabilities, which could lead to remote code execution (ZDI-CAN-5431/ZDI-CAN-5411). |
Dmitri Kaslov working with Trend Micro's Zero
Day Initiative |
|
Addressed potential issues where the application could be exposed to U3D Heap Buffer Overflow or Stack-based Buffer Overflow vulnerabilities, which could lead to remote code execution (ZDI-CAN-5493/ZDI-CAN-5420/ CVE-2018-5674/CVE-2018-5676/CVE-2018-5678). |
Anonymous working with Trend Micro's Zero Day
Initiative |
|
Addressed potential issues where the application could be exposed to U3D Type Confusion vulnerabilities, which could lead to remote code execution (ZDI-CAN-5586/CVE-2018-7407). |
Dmitri Kaslov working with Trend Micro's Zero
Day Initiative |
|
Addressed a potential issue where the application could be exposed to U3D Parsing Array Indexing vulnerability, which could lead to remote code execution (CVE-2018-7406). |
Steven Seeley (mr_me) of Source Incite |
|
Addressed potential issues where the application could be exposed to U3D Out-of-Bounds Read/Write/Access vulnerabilities, which could lead to information disclosure or remote code execution (ZDI-CAN-5425/ZDI-CAN-5428/ ZDI-CAN-5429/ZDI-CAN-5430/ZDI-CAN-5483/ZDI-CAN-5494/ZDI-CAN-5495/ZDI-CAN-5393/ZDI-CAN-5394/ZDI-CAN-5395/ZDI-CAN-5396/ZDI-CAN-5397/ZDI-CAN-5399/ ZDI-CAN-5401/ZDI-CAN-5408/ZDI-CAN-5409/ZDI-CAN-5410/ZDI-CAN-5412/ZDI-CAN-5418/ZDI-CAN-5419/ZDI-CAN-5421/ZDI-CAN-5422/ZDI-CAN-5423/ZDI-CAN-5424/ CVE-2018-5675/CVE-2018-5677/CVE-2018-5679/CVE-2018-5680/ZDI-CAN-5392/ZDI-CAN-5426). |
kdot working with Trend Micro's Zero Day
Initiative |
|
Addressed potential issues where the application could be exposed to U3D Use-After-Free vulnerabilities, which could lead to remote code execution (ZDI-CAN-5427). |
kdot working with Trend Micro's Zero Day Initiative |
|
Addressed potential issues where the application could be exposed to U3D Uninitialized Pointer vulnerabilities, which could lead to remote code execution (ZDI-CAN-5431/ZDI-CAN-5411). |
Dmitri Kaslov working with Trend Micro's Zero
Day Initiative |
|
Addressed potential issues where the application could be exposed to U3D Heap Buffer Overflow or Stack-based Buffer Overflow vulnerabilities, which could lead to remote code execution (ZDI-CAN-5493/ZDI-CAN-5420/ CVE-2018-5674/CVE-2018-5676/CVE-2018-5678). |
Anonymous working with Trend Micro's Zero Day
Initiative |
|
Addressed potential issues where the application could be exposed to U3D Type Confusion vulnerabilities, which could lead to remote code execution (ZDI-CAN-5586/CVE-2018-7407). |
Dmitri Kaslov working with Trend Micro's Zero
Day Initiative |
|
Addressed a potential issue where the application could be exposed to U3D Parsing Array Indexing vulnerability, which could lead to remote code execution (CVE-2018-7406). |
Steven Seeley (mr_me) of Source Incite |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: January 8, 2018
Platform: Android
Summary
Foxit has released Foxit MobilePDF for Android 6.1, which addresses a potential security and stability issue.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit MobilePDF for Android |
6.0.2 and earlier |
Android |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to an arbitrary file read and disclosure vulnerability with abusing URI + escape character during Wi-Fi transfer. This occurs because the paths are not properly escaped or validated when processed within the URI, and the Wi-Fi service keeps running even if users have closed the application. |
Benjamin Watson of VerSprite |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: November 17, 2017
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 8.3.5, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PhantomPDF |
8.3.2.25013 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerability. This occurs when executing certain XFA JavaScript functions in crafted PDF files since the application could transform non-CXFA_Node to CXFA_Node by force without judging the data type and use the discrepant CXFA_Node directly (ZDI-CAN-5015/ ZDI-CAN-5016/ZDI-CAN-5017/ZDI-CAN-5018/ZDI-CAN-5019/ ZDI-CAN-5020/ZDI-CAN-5021/ZDI-CAN-5022/ZDI-CAN-5027/ZDI-CAN-5029/ZDI-CAN-5288). |
Steven Seeley (mr_me) of |
|
Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerability. This occurs when executing certain XFA FormCalc functions in crafted PDF files since the application could transform non-CXFA_Object to CXFA_Object by force without judging the data type and use the discrepant CXFA_Object directly (ZDI-CAN-5072/ZDI-CAN-5073). |
Steven Seeley (mr_me) of |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability due to the use of Annot object which has been freed (ZDI-CAN-4979/ZDI-CAN-4980/ZDI-CAN-4981/ZDI-CAN-5023/ZDI-CAN-5024/ZDI-CAN-5025/ZDI-CAN-5026/ZDI-CAN-5028). |
Steven Seeley (mr_me) of |
|
Addressed potential issues where when the application is not running in Safe-Reading-Mode, it could be exposed to Out-of-Bounds Read Information Disclosure vulnerability with abusing the _JP2_Codestream_Read_SOT function (ZDI-CAN-4982/ZDI-CAN-5013/ZDI-CAN-4976/ZDI-CAN-4977/ZDI-CAN-5012/ ZDI-CAN-5244). |
soiax working with Trend Micro's |
|
Addressed a potential issue where when the application is not running in Safe-Reading-Mode, it could be exposed to Out-of-Bounds Read Information Disclosure vulnerability due to abnormal memory access with abusing the lrt_jp2_decompress_write_stripe function call to open arbitrary file (ZDI-CAN-5014). |
kdot working with Trend Micro's |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability when rendering images with abusing the render.image function call to open a local PDF file (ZDI-CAN-5078/ZDI-CAN-5079). |
Ashraf Alharbi (Ha5ha5hin) |
|
Addressed a potential issue where when the application is not running in Safe-Reading-Mode, it could be exposed to Out-of-Bounds Read Information Disclosure vulnerability with abusing the GetBitmapWithoutColorKey function call to open an abnormal PDF file (ZDI-CAN-4978). |
kdot working with Trend Micro's |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability due to uninitialized pointer with abusing the JP2_Format_Decom function call to open an abnormal PDF file (ZDI-CAN-5011). |
kdot working with Trend Micro's |
|
Addressed potential issues where the application could be exposed to User-After-Free Remote Code Execution vulnerability due to the inconsistency of XFA nodes and XML nodes after deletion during data binding (ZDI-CAN-5091/ZDI-CAN-5092/ZDI-CAN-5289). |
Anonymous working with Trend |
|
Addressed potential issues where the application could be exposed to User-After-Free Remote Code Execution vulnerability due to the use of document after it has been freed by closeDoc JavaScript (ZDI-CAN-5094/ZDI-CAN-5282/ZDI-CAN-5294/ZDI-CAN-5295/ZDI-CAN-5296). |
Steven Seeley (mr_me) of |
|
Addressed a potential issue where when the application is running in single instance mode, it could be exposed to arbitrary code execution or denial of service vulnerability and fail to initialize PenInputPanel component by calling CoCreateInstance function when users open a PDF file by double click after launching the application (CVE-2017-14694). |
Lin Wang, Beihang University, |
|
Addressed a potential issue where the application could be exposed to Buffer Overflow vulnerability when opening certain EPUB file due to the invalid length of size_file_name in CDRecord in the ZIP compression data. |
Phil Blankenship of Cerberus Security |
|
Addressed a potential issue where the application could be exposed to Type Confusion Remote Code Execution vulnerability when opening certain XFA files due to the use of discrepant data object during data binding (ZDI-CAN-5216). |
Anonymous working with Trend |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability when the gflags app is enabled due to the incorrect resource loading which could lead to disordered file type filter (ZDI-CAN-5281). |
Steven Seeley of Source Incite |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability due to the calling of incorrect util.printf parameter (ZDI-CAN-5290). |
Anonymous working with Trend |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: November 12, 2017
Platform: iOS
Summary
Foxit has released Foxit MobilePDF for iOS 6.1, which addresses potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit MobilePDF for iOS |
6.0.0 and earlier |
iOS |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to a denial-of-service vulnerability. This occurs when users upload a file which includes hexadecimal Unicode character in the “filename” parameter via Wi-Fi since the application could fail to parse such file name. |
Antonio Zekić of INFIGO IS d.o.o. |
|
Addressed a potential issue where the application could be exposed to a Directory Traversal vulnerability with abusing the URL + escape character during Wi-Fi transfer, which could be exploited by attackers to manipulate the local application files maliciously. |
Antonio Zekić of INFIGO IS d.o.o. |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: November 1, 2017
Platform: Windows
Summary
Foxit has released Foxit Reader 9.0 and Foxit PhantomPDF 9.0, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
8.3.2.25013 and earlier |
Windows |
|
Foxit PhantomPDF |
8.3.2.25013 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerability. This occurs when executing certain XFA JavaScript functions in crafted PDF files since the application could transform non-CXFA_Node to CXFA_Node by force without judging the data type and use the discrepant CXFA_Node directly (ZDI-CAN-5015/ ZDI-CAN-5016/ZDI-CAN-5017/ZDI-CAN-5018/ZDI-CAN-5019/ ZDI-CAN-5020/ZDI-CAN-5021/ZDI-CAN-5022/ZDI-CAN-5027/ZDI-CAN-5029/ZDI-CAN-5288). |
Steven Seeley (mr_me) of |
|
Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerability. This occurs when executing certain XFA FormCalc functions in crafted PDF files since the application could transform non-CXFA_Object to CXFA_Object by force without judging the data type and use the discrepant CXFA_Object directly (ZDI-CAN-5072/ZDI-CAN-5073). |
Steven Seeley (mr_me) of |
|
Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability due to the use of Annot object which has been freed (ZDI-CAN-4979/ZDI-CAN-4980/ZDI-CAN-4981/ZDI-CAN-5023/ZDI-CAN-5024/ZDI-CAN-5025/ZDI-CAN-5026/ZDI-CAN-5028). |
Steven Seeley (mr_me) of |
|
Addressed potential issues where when the application is not running in Safe-Reading-Mode, it could be exposed to Out-of-Bounds Read Information Disclosure vulnerability with abusing the _JP2_Codestream_Read_SOT function (ZDI-CAN-4982/ZDI-CAN-5013/ZDI-CAN-4976/ZDI-CAN-4977/ZDI-CAN-5012/ ZDI-CAN-5244). |
soiax working with Trend Micro's |
|
Addressed a potential issue where when the application is not running in Safe-Reading-Mode, it could be exposed to Out-of-Bounds Read Information Disclosure vulnerability due to abnormal memory access with abusing the lrt_jp2_decompress_write_stripe function call to open arbitrary file (ZDI-CAN-5014). |
kdot working with Trend Micro's |
|
Addressed potential issues where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability when rendering images with abusing the render.image function call to open a local PDF file (ZDI-CAN-5078/ZDI-CAN-5079). |
Ashraf Alharbi (Ha5ha5hin) |
|
Addressed a potential issue where when the application is not running in Safe-Reading-Mode, it could be exposed to Out-of-Bounds Read Information Disclosure vulnerability with abusing the GetBitmapWithoutColorKey function call to open an abnormal PDF file (ZDI-CAN-4978). |
kdot working with Trend Micro's |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability due to uninitialized pointer with abusing the JP2_Format_Decom function call to open an abnormal PDF file (ZDI-CAN-5011). |
kdot working with Trend Micro's |
|
Addressed potential issues where the application could be exposed to User-After-Free Remote Code Execution vulnerability due to the inconsistency of XFA nodes and XML nodes after deletion during data binding (ZDI-CAN-5091/ZDI-CAN-5092/ZDI-CAN-5289). |
Anonymous working with Trend |
|
Addressed potential issues where the application could be exposed to User-After-Free Remote Code Execution vulnerability due to the use of document after it has been freed by closeDoc JavaScript (ZDI-CAN-5094/ZDI-CAN-5282/ZDI-CAN-5294/ZDI-CAN-5295/ZDI-CAN-5296). |
Steven Seeley (mr_me) of |
|
Addressed a potential issue where when the application is running in single instance mode, it could be exposed to arbitrary code execution or denial of service vulnerability and fail to initialize PenInputPanel component by calling CoCreateInstance function when users open a PDF file by double click after launching the application (CVE-2017-14694). |
Lin Wang, Beihang University, |
|
Addressed a potential issue where the application could be exposed to Buffer Overflow vulnerability when opening certain EPUB file due to the invalid length of size_file_name in CDRecord in the ZIP compression data. |
Phil Blankenship of Cerberus Security |
|
Addressed a potential issue where the application could be exposed to Type Confusion Remote Code Execution vulnerability when opening certain XFA files due to the use of discrepant data object during data binding (ZDI-CAN-5216). |
Anonymous working with Trend |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability when the gflags app is enabled due to the incorrect resource loading which could lead to disordered file type filter (ZDI-CAN-5281). |
Steven Seeley of Source Incite |
|
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability due to the calling of incorrect util.printf parameter (ZDI-CAN-5290). |
Anonymous working with Trend |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: September 11, 2017
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 7.3.17, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PhantomPDF |
7.3.15.712 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where when the application is not running in Safe-Reading-mode, it could be exposed to command injection vulnerability with abusing the app.launchURL JavaScript call to execute a local program. |
Ariele Caltabiano |
|
Addressed a potential issue where when the application is not running in Safe-Reading-Mode, it could be exposed to an Arbitrary File Write vulnerability with abusing the this.saveAs function call to drop a file to the local file system. |
Steven Seeley (mr_me) |
|
Addressed a potential issue where when the application is not running in Safe-Reading-Mode, it could be exposed to an Arbitrary Write vulnerability with abusing the createDataObject function call to create arbitrary executable file in the local file system. |
Steven Seeley (mr_me) |
|
Addressed a potential issue where when the application is not running in Safe-Reading-Mode, it could be exposed to command injection vulnerability with abusing the xfa.host.gotoURL function call to open arbitrary executable file. |
Steven Seeley (mr_me) |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: August 26, 2017
Platform: Windows
Summary
Foxit has released Foxit Reader 8.3.2 and Foxit PhantomPDF 8.3.2, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
8.3.1.21155 and earlier |
Windows |
|
Foxit PhantomPDF |
8.3.1.21155 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where when the application is not running in Safe-Reading-mode, it could be exposed to command injection vulnerability with abusing the app.launchURL JavaScript call to execute a local program. |
Ariele Caltabiano (kimiya) |
|
Addressed a potential issue where when the application is not running in Safe-Reading-Mode, it could be exposed to an Arbitrary File Write vulnerability with abusing the this.saveAs function call to drop a file to the local file system. |
Steven Seeley (mr_me) of |
|
Addressed a potential issue where when the application is not running in Safe-Reading-Mode, it could be exposed to an Arbitrary Write vulnerability with abusing the createDataObject function call to create arbitrary executable file in the local file system. |
Steven Seeley (mr_me) |
|
Addressed a potential issue where when the application is not running in Safe-Reading-Mode, it could be exposed to command injection vulnerability with abusing the xfa.host.gotoURL function call to open arbitrary executable file. |
Steven Seeley (mr_me) of |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: July 26, 2017
Platform: Windows
Summary
Foxit has released Foxit PDF Compressor 7.7.2.23, which addresses a potential security and stability issue.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PDF Compressor |
From 7.0.0.183 to 7.7.2.10 |
Windows |
Solution
No further action is required if you have installed the application securely. To get the latest version of Foxit PDF Compressor, please click here.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application's installer package could be exposed to a DLL Pre-Loading vulnerability, which could be leveraged by attackers to execute remote code during the installation process. |
Kushal Arvind Shah of Fortinet's
|
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: July 20, 2017
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 7.3.15, which address security vulnerabilities that could potentially allow an attacker to execute remote code.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PhantomPDF |
7.3.13.421 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to a Null Pointer Read or Null Pointer Deference vulnerability, which could lead to unexpected crash. |
Dmitri Kaslov |
|
Addressed potential issues where the application could still execute JavaScript functions even when the JavaScript Actions in Trust Manager had been disabled. |
Alexander Inführ |
|
Addressed potential issues where the application could be exposed to Use-After-Free vulnerabilities, which could be exploited by attackers to execute remote code. |
Steven Seeley (mr_me) of |
|
Addressed potential issues where the application could be exposed to an Out-of-Bounds Read vulnerability, which could lead to information disclosure. |
Ashfaq Ansari - Project Srishti |
|
Addressed a potential issue where the application could be exposed to an Arbitrary Write vulnerability, which could be leveraged by attackers to execute remote code. |
Ashfaq Ansari - Project Srishti |
|
Addressed a potential issue where the application could be exposed to a Use-Before-Initialization vulnerability, which could lead to unexpected crash. |
Jean-Marc Le Blanc |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: July 04, 2017
Platform: Windows
Summary
Foxit has released Foxit Reader 8.3.1 and Foxit PhantomPDF 8.3.1, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
8.3.0.14878 and earlier |
Windows |
|
Foxit PhantomPDF |
8.3.0.14878 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to a Null Pointer Read or Null Pointer Deference vulnerability, which could lead to unexpected crash. |
Dmitri Kaslov |
|
Addressed potential issues where the application could still execute JavaScript functions even when the JavaScript Actions in Trust Manager had been disabled. |
Alexander Inführ |
|
Addressed potential issues where the application could be exposed to Use-After-Free vulnerabilities, which could be exploited by attackers to execute remote code. |
Steven Seeley (mr_me) of |
|
Addressed potential issues where the application could be exposed to an Out-of-Bounds Read vulnerability, which could lead to information disclosure. |
Ashfaq Ansari - Project Srishti |
|
Addressed a potential issue where the application could be exposed to an Arbitrary Write vulnerability, which could be leveraged by attackers to execute remote code. |
Ashfaq Ansari - Project Srishti |
|
Addressed a potential issue where the application could be exposed to a Use-Before-Initialization vulnerability, which could lead to unexpected crash. |
Jean-Marc Le Blanc |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: May 4, 2017
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 7.3.13, which address security vulnerabilities that could potentially allow an attacker to execute remote code.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PhantomPDF |
7.3.11.1122 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability, which could be exploited by attackers to execute remote code under the context of the current process. |
NSFOCUS Security Team |
|
Addressed potential issues where the application could be exposed to a Type Confusion vulnerability, which could be exploited by attackers to execute remote code under the context of the current process. |
NSFOCUS Security Team |
|
Addressed potential issues where the application could be exposed to an Out-of-Bounds Read vulnerability, which could lead to information disclosure or remote code execution. |
Ke Liu of Tencent's Xuanwu LAB |
|
Addressed a potential issue where the application could be exposed to a Null Pointer Dereference vulnerability when open a crafted PDF file, which could cause the application to crash unexpectedly. |
riusksk of Tencent Security |
|
Addressed a potential issue where the application could be exposed to a memory corruption vulnerability, which could be leveraged by attackers to execute remote code. |
Toan Pham Van working with |
|
Addressed potential issues where the application could be exposed to a JPEG2000 Parsing Out-of-Bounds Write/Read vulnerability, which could be exploited by attackers to execute remote code or leak information. |
kdot working with Trend Micro's |
|
Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability, which could be exploited by attackers to execute remote code. |
Steven Seeley of Source Incite |
|
Addressed a potential issue where the application could be exposed to a Font Parsing Out-of-Bounds Read vulnerability, which could lead to information disclosure. |
kdot working with Trend Micro's |
|
Addressed potential issues where the application could be exposed to an Out-of-Bounds Read or Memory Corruption vulnerability when converting JPEG or TIFF files to PDFs, which could be exploited by attackers to execute remote code or leak information. |
Ke Liu of Tencent's Xuanwu LAB |
|
Addressed potential issues where the application could be exposed to Use-After-Free vulnerabilities, which could be exploited by attackers to execute remote code. |
Steven Seeley (mr_me) of |
|
Addressed potential issues where the application could be exposed to a JPEG2000 Parsing Out-of-Bounds Write vulnerability, which could lead to remote code execution. |
Toan Pham Van working with |
|
Addressed a potential issue where the application could be exposed to a null pointer vulnerability, which could lead to unexpected crash. |
Dmitri Kaslov (PwC za-labs) |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: April 18, 2017
Platform: Windows
Summary
Foxit has released Foxit Reader 8.3 and Foxit PhantomPDF 8.3, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
8.2.1.6871 and earlier |
Windows |
|
Foxit PhantomPDF |
8.2.1.6871 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to Use-After-Free vulnerabilities, which could be exploited by attackers to execute remote code. |
Steven Seeley (mr_me) of |
|
Addressed potential issues where the application could be exposed to a JPEG2000 Parsing Out-of-Bounds Write vulnerability, which could lead to remote code execution. |
Toan Pham Van working with |
|
Addressed a potential issue where the application could be exposed to a null pointer vulnerability, which could lead to unexpected crash. |
Dmitri Kaslov (PwC za-labs) |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: April 6, 2017
Platform: Windows
Summary
Foxit has released Foxit PDF Toolkit 2.1, which addresses a potential security issue.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PDF Toolkit |
2.0 |
Windows |
Solution
Update Foxit PDF Toolkit to the latest version by clicking here to download it from our website.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to a memory corruption vulnerability, which could be exploited by attackers to execute arbitrary code (CVE-2017-7584). |
Kushal Arvind Shah of Fortinet's FortiGuard Labs |
Release date: March 1, 2017
Platform: Windows
Summary
Foxit has released Foxit Reader 8.2.1 and Foxit PhantomPDF 8.2.1, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
8.2.0.2051 and earlier |
Windows |
|
Foxit PhantomPDF |
8.2.0.2192 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability, which could be exploited by attackers to execute remote code under the context of the current process. |
NSFOCUS Security Team |
|
Addressed potential issues where the application could be exposed to a Type Confusion vulnerability, which could be exploited by attackers to execute remote code under the context of the current process. |
NSFOCUS Security Team |
|
Addressed potential issues where the application could be exposed to an Out-of-Bounds Read vulnerability, which could lead to information disclosure or remote code execution. |
Ke Liu of Tencent's Xuanwu LAB |
|
Addressed a potential issue where the application could be exposed to a Null Pointer Dereference vulnerability when open a crafted PDF file, which could cause the application to crash unexpectedly. |
riusksk of Tencent Security |
|
Addressed a potential issue where the application could be exposed to a memory corruption vulnerability, which could be leveraged by attackers to execute remote code. |
Toan Pham Van working with |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: January 10, 2017
Platform: Windows
Summary
Foxit has released Foxit Reader 8.2 and Foxit PhantomPDF 8.2, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
8.1.4.1208 and earlier |
Windows |
|
Foxit PhantomPDF |
8.1.1.1115 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to a JPEG2000 Parsing Out-of-Bounds Write/Read vulnerability, which could be exploited by attackers to execute remote code or leak information. |
kdot working with Trend Micro's |
|
Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability, which could be exploited by attackers to execute remote code. |
Steven Seeley of Source Incite |
|
Addressed a potential issue where the application could be exposed to a Font Parsing Out-of-Bounds Read vulnerability, which could lead to information disclosure. |
kdot working with Trend Micro's |
|
Addressed potential issues where the application could be exposed to an Out-of-Bounds Read or Memory Corruption vulnerability when converting JPEG or TIFF files to PDFs, which could be exploited by attackers to execute remote code or leak information. |
Ke Liu of Tencent's Xuanwu LAB |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: January 10, 2017
Platform: Linux
Summary
Foxit has released Foxit Reader for Linux 2.3, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
2.2.1025 and earlier |
Linux |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to a stack overflow vulnerability, which could be exploited by attackers to execute a controlled crash. |
Dmitri Kaslov |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: January 10, 2017
Platform: Windows
Summary
Foxit has released Foxit PDF Toolkit 2.0, which addresses a potential security issue.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PDF Toolkit |
1.3 |
Windows |
Solution
Update Foxit PDF Toolkit to the latest version by clicking here to download it from our website.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to a memory corruption vulnerability when parsing PDF files, which could cause remote code execution (CVE-2017-5364). |
Kushal Arvind Shah of Fortinet's FortiGuard Labs |
Release date: November 17, 2016
Platform: Windows
Summary
Foxit has released Foxit Reader 8.1.1 and Foxit PhantomPDF 8.1.1, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
8.1.0.1013 and earlier |
Windows |
|
Foxit PhantomPDF |
8.1.0.1013 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to a JPEG2000 Parsing Out-of-Bounds Read vulnerability, which could lead to information disclosure. |
Gogil of STEALIEN working with |
|
Addressed a potential issue where the application could be exposed to a JPEG2000 Parsing Use-After-Free vulnerability, which could be leveraged by attackers to execute remote code. |
Gogil of STEALIEN working with |
|
Addressed a potential issue where the application could be exposed to a JPEG2000 Parsing Heap-Based Buffer Overflow vulnerability, which could be exploited by attackers to execute remote code. |
Gogil of STEALIEN working with |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: October 18, 2016
Platform: Windows
Summary
Foxit has released Foxit Reader 8.1 and Foxit PhantomPDF 8.1, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
8.0.5 and earlier |
Windows |
|
Foxit PhantomPDF |
8.0.5 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to a Heap Corruption vulnerability, which could be exploited by attackers to execute arbitrary code. |
Dmitri Kaslov |
|
Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability, which could be leveraged by attackers to execute arbitrary code. |
Dmitri Kaslov |
|
Addressed potential issues where the application could be exposed to an Out-of-Bounds Read or Out-of-Bounds Write vulnerability, which could lead to remote code execution or information disclosure. |
Ke Liu of Tencent’s Xuanwu LAB |
|
Addressed a potential issue where the application could be exposed to a Null Pointer Dereference vulnerability, which could cause the application to crash unexpectedly. |
Dmitri Kaslov |
|
Addressed potential issues where the application could be exposed to Heap Buffer Overflow vulnerability, which could lead to remote code execution. |
kdot working with Trend Micro's Zero Day
Initiative |
|
Addressed a potential issue where the application could be exposed to an Integer Overflow vulnerability, which could lead to remote code execution. |
kdot working with Trend Micro's Zero Day Initiative |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: October 18, 2016
Platform: Mac OS X/Linux
Summary
Foxit has released Foxit Reader for Mac and Linux 2.2, which address potential security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
2.1.0.0805 and earlier |
Linux |
|
Foxit Reader |
2.1.0.0804 and earlier |
Mac OS X |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to a local privilege escalation vulnerability due to the weak file permissions, which could be exploited by attackers to execute arbitrary code(CVE-2016-8856). |
c0dist (Garage4Hackers) |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: August 8, 2016
Platform: Windows, Mac OS X, Linux
Summary
Foxit has released Foxit Reader for Windows 8.0.2, Foxit Reader for Mac/Linux 2.1, and Foxit PhantomPDF 8.0.2, which address security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
8.0.0.624 and earlier |
Windows |
|
Foxit Reader |
2.0.0.0625 and earlier |
Mac OS X |
|
Foxit Reader |
1.1.1.0602 and earlier |
Linux |
|
Foxit PhantomPDF |
8.0.1.628 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to a TIFF Parsing Out-of-Bounds Read/Write vulnerability, which could be leveraged by attackers to execute remote code or leak information. |
Ke Liu of Tencent’s Xuanwu LAB |
|
Addressed a potential issue where the application could be exposed to a Use-After-Free vulnerability when attempting to parse malformed FlateDecode Streams, which could be leveraged by attackers to leak sensitive information or execute remote code. |
Rocco Calvi and Steven Seeley of Source Incite |
|
Addressed potential issues where the application could be exposed to an Out-Of-Bounds Read/Write vulnerability when parsing JPEG2000 files, which could be leveraged by attackers to leak information or execute remote code. |
kdot working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to memory corruption vulnerability when parsing JPEG2000 files, which could cause remote code execution. |
Ke Liu of Tencent’s Xuanwu LAB |
|
Addressed a potential issue where the application could be exposed to a DLL hijacking vulnerability that could allow an unauthenticated remote attacker to execute arbitrary code on the targeted system. |
Himanshu Mehta |
|
Addressed potential issues where the application could be exposed to a JPXDecode Out-of-Bounds Read/Write vulnerability when processing specially crafted PDF files with malformed JPXDecode streams, which could cause information leak or remote code execution (CVE-2016-6867). |
Steven Seeley of Source Incite |
|
Addressed a potential issue where the application could be exposed to an Out-of-Bounds Read vulnerability when processing specially crafted BMP files, which could cause information leak. |
Steven Seeley of Source Incite 5206560A306A2E085A437FD258EB57CE working with Trend Micro's Zero Day Initiative |
|
Addressed a potential memory corruption vulnerabilities which could cause the application to crash unexpectedly (CVE-2016-6868). |
Marco Grassi (@marcograss) of KeenLab
(@keen_lab), Tencent |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: June 27, 2016
Platform: Windows
Summary
Foxit has released Foxit Reader and Foxit PhantomPDF 8.0, which address security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
7.3.4.311 and earlier |
Windows |
|
Foxit PhantomPDF |
7.3.4.311 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to a Use-After-Free Remote Code Execution vulnerability when opening a XFA file whose layout direction is set as “lr-tb”. |
Rocco Calvi |
|
Addressed a potential issue where the application could be exposed to a FlatDecode Use-After-Free Remote Code Execution vulnerability when parsing the inline image in certain PDF file (CVE-2016-6168). |
Steven Seeley of Source Incite, working with
Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to a Safe Mode Bypass Information Disclosure vulnerability when handling SWF content that is embedded in a PDF file, which could be leveraged by attackers to access user’s local files or remote resources. |
Björn Ruytenberg working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to an exportData Restrictions Bypass Remote Code Execution vulnerability, which could be leveraged by attackers to execute a malicious file. |
insertscript working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to a ConvertToPDF TIFF Parsing Out-of-Bounds Write Remote Code Execution vulnerability when converting certain TIFF file to PDF file. |
Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to a JPEG Parsing Out-of-Bounds Read Information Disclosure vulnerability when converting a JPEG file that contains incorrect EXIF data to PDF file. |
AbdulAziz Hariri - Trend Micro Zero Day Initiative working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to a JPEG Parsing Out-of-Bounds Read Information Disclosure vulnerability when parsing a JPEG image with corrupted color component in a PDF file. |
kdot working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to a ConvertToPDF GIF Parsing Out-of-Bounds Write Remote Code Execution vulnerability when converting certain GIF file to PDF file. |
kdot working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to a ConvertToPDF BMP Parsing Out-of-Bounds Write Remote Code Execution vulnerability or a ConvertToPDF BMP Parsing Out-of-Bounds Read Information Disclosure vulnerability when converting a BMP file to PDF file. |
kdot and anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to an Out-of-Bounds Read vulnerability which could be leveraged by attackers to execute remote code under the context of the current process. |
Ke Liu of Tencent’s Xuanwu LAB |
|
Addressed a potential issue where the application could be exposed to a Heap Buffer Overflow Remote Code Execution vulnerability when processing specially crafted TIFF files with large SamplesPerPixel values. |
Steven Seeley of Source Incite |
|
Addressed a potential issue where the application could be exposed to a Stack Buffer Overflow Remote Code Execution vulnerability when parsing an unusually long GoToR string. |
Abdul-Aziz Hariri of Trend Micro Zero Day Initiative, working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could crash unexpectedly when parsing a PDF file that contains messy code in its image description. |
Rocco Calvi and Steven Seeley of Source Incite, working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to a Pattern Uninitialized Pointer Remote Code Execution vulnerability when processing a stretched image in certain PDF files. |
Steven Seeley of Source Incite, working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to a Heap Overflow vulnerability when parsing the content of a PDF file containing incorrect Bezier data (CVE-2016-6169). |
Kai Lu of Fortinet's FortiGuard Labs |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: June 12, 2016
Platform: Linux
Summary
Foxit has released Foxit Reader for Linux 1.1.1, which addresses security and stability issues.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
1.1.0.0225 and earlier |
Linux |
Solution
Update your application to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could crash unexpectedly due to memory corruption or invalid read when opening a specially crafted PDF file, which could be leveraged by attackers to execute a controlled crash. |
Mateusz Jurczyk of Google Project Zero |
For more information, please contact the Foxit Security Response Team at [email protected].
Release date: November 30, 2016
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 7.3.11, which address security vulnerabilities that could potentially allow an attacker to execute remote code.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PhantomPDF |
7.3.9.816 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to a JPEG2000 Parsing Out-of-Bounds Read vulnerability, which could lead to information disclosure. |
Gogil of STEALIEN working with |
|
Addressed a potential issue where the application could be exposed to a JPEG2000 Parsing Use-After-Free vulnerability, which could be leveraged by attackers to execute remote code. |
Gogil of STEALIEN working with |
|
Addressed a potential issue where the application could be exposed to a JPEG2000 Parsing Heap-Based Buffer Overflow vulnerability, which could be exploited by attackers to execute remote code. |
Gogil of STEALIEN working with |
|
Addressed potential issues where the application could be exposed to a Heap Corruption vulnerability, which could be exploited by attackers to execute arbitrary code. |
Dmitri Kaslov |
|
Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability, which could be leveraged by attackers to execute arbitrary code. |
Dmitri Kaslov |
|
Addressed potential issues where the application could be exposed to an Out-of-Bounds Read or Out-of-Bounds Write vulnerability, which could lead to remote code execution or information disclosure. |
Ke Liu of Tencent’s Xuanwu LAB |
|
Addressed a potential issue where the application could be exposed to a Null Pointer Dereference vulnerability, which could cause the application to crash unexpectedly. |
Dmitri Kaslov |
|
Addressed potential issues where the application could be exposed to Heap Buffer Overflow vulnerability, which could lead to remote code execution. |
kdot working with Trend Micro's Zero |
|
Addressed a potential issue where the application could be exposed to an Integer Overflow vulnerability, which could lead to remote code execution. |
kdot working with Trend Micro's Zero |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: August 22, 2016
Platform: Windows
Summary
Foxit has released Foxit PhantomPDF 7.3.9, which address security vulnerabilities that could potentially allow an attacker to execute remote code.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PhantomPDF |
7.3.4.311 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed potential issues where the application could be exposed to a TIFF Parsing Out-of-Bounds Read/Write vulnerability, which could be leveraged by attackers to execute remote code or leak information. |
Ke Liu of Tencent’s Xuanwu LAB |
|
Addressed a potential issue where the application could be exposed to a Use-After-Free vulnerability when attempting to parse malformed FlateDecode Streams, which could be leveraged by attackers to leak sensitive information or execute remote code. |
Rocco Calvi and Steven Seeley of Source Incite |
|
Addressed potential issues where the application could be exposed to an Out-Of-Bounds Read/Write vulnerability when parsing JPEG2000 files, which could be leveraged by attackers to leak information or execute remote code. |
kdot working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to memory corruption vulnerability when parsing JPEG2000 files, which could cause remote code execution. |
Ke Liu of Tencent’s Xuanwu LAB |
|
Addressed a potential issue where the application could be exposed to a DLL hijacking vulnerability that could allow an unauthenticated remote attacker to execute arbitrary code on the targeted system. |
Himanshu Mehta |
|
Addressed potential issues where the application could be exposed to a JPXDecode Out-of-Bounds Read/Write vulnerability when processing specially crafted PDF files with malformed JPXDecode streams, which could cause information leak or remote code execution (CVE-2016-6867). |
Steven Seeley of Source Incite |
|
Addressed a potential issue where the application could be exposed to an Out-of-Bounds Read vulnerability when processing specially crafted BMP files, which could cause information leak. |
Steven Seeley of Source Incite |
|
Addressed a potential memory corruption vulnerabilities which could cause the application to crash unexpectedly (CVE-2016-6868). |
Marco Grassi (@marcograss) of KeenLab
(@keen_lab), Tencent |
|
Addressed a potential issue where the application could be exposed to a Use-After-Free Remote Code Execution vulnerability when opening a XFA file whose layout direction is set as “lr-tb”. |
Rocco Calvi |
|
Addressed a potential issue where the application could be exposed to a FlatDecode Use-After-Free Remote Code Execution vulnerability when parsing the inline image in certain PDF file (CVE-2016-6168). |
Steven Seeley of Source Incite, working with
Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to a Safe Mode Bypass Information Disclosure vulnerability when handling SWF content that is embedded in a PDF file, which could be leveraged by attackers to access user’s local files or remote resources. |
Björn Ruytenberg working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to an exportData Restrictions Bypass Remote Code Execution vulnerability, which could be leveraged by attackers to execute a malicious file. |
insertscript working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to a ConvertToPDF TIFF Parsing Out-of-Bounds Write Remote Code Execution vulnerability when converting certain TIFF file to PDF file. |
Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to a JPEG Parsing Out-of-Bounds Read Information Disclosure vulnerability when converting a JPEG file that contains incorrect EXIF data to PDF file. |
AbdulAziz Hariri - Trend Micro Zero Day Initiative working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to a JPEG Parsing Out-of-Bounds Read Information Disclosure vulnerability when parsing a JPEG image with corrupted color component in a PDF file. |
kdot working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to a ConvertToPDF GIF Parsing Out-of-Bounds Write Remote Code Execution vulnerability when converting certain GIF file to PDF file. |
kdot working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to a ConvertToPDF BMP Parsing Out-of-Bounds Write Remote Code Execution vulnerability or a ConvertToPDF BMP Parsing Out-of-Bounds Read Information Disclosure vulnerability when converting a BMP file to PDF file. |
kdot and anonymous working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to an Out-of-Bounds Read vulnerability which could be leveraged by attackers to execute remote code under the context of the current process. |
Ke Liu of Tencent’s Xuanwu LAB |
|
Addressed a potential issue where the application could be exposed to a Heap Buffer Overflow Remote Code Execution vulnerability when processing specially crafted TIFF files with large SamplesPerPixel values. |
Steven Seeley of Source Incite |
|
Addressed a potential issue where the application could be exposed to a Stack Buffer Overflow Remote Code Execution vulnerability when parsing an unusually long GoToR string. |
Abdul-Aziz Hariri of Trend Micro Zero Day Initiative, working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could crash unexpectedly when parsing a PDF file that contains messy code in its image description. |
Rocco Calvi and Steven Seeley of Source Incite, working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to a Pattern Uninitialized Pointer Remote Code Execution vulnerability when processing a stretched image in certain PDF files. |
Steven Seeley of Source Incite, working with Trend Micro's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to a Heap Overflow vulnerability when parsing the content of a PDF file containing incorrect Bezier data (CVE-2016-6169). |
Kai Lu of Fortinet's FortiGuard Labs |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: March 16, 2016
Platform: Windows
Summary
Foxit has released Foxit Reader and Foxit PhantomPDF 7.3.4, which address security vulnerabilities that could potentially allow an attacker to execute remote code.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
7.3.0.118 and earlier |
Windows |
|
Foxit PhantomPDF |
7.3.0.118 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could still use the pointer after the object it pointed had been removed, which could cause an application crash. |
Mateusz Jurczyk, Google Project Zero |
|
Addressed a potential issue where the application could crash caused by the error in parsing malformed content stream. |
Ke Liu of Tencent’s Xuanwu LAB |
|
Addressed a potential issue where the application recursively called the format error of some PDFs and led to no response when opening the PDF. |
Ke Liu of Tencent’s Xuanwu LAB |
|
Addressed a potential issue where the application could not parse the image content in the document normally. |
Jaanus Kp, Clarified Security, working with Trend Micro's Zero Day Initiative (ZDI) |
|
Addressed a potential issue where the destructor of the object whose generation number is -1 in the PDF file could release the file handle which had been imported by the application layer. |
Mario Gomes(@NetFuzzer), working with Trend Micro's Zero Day Initiative (ZDI) |
|
Addressed a potential issue where the application could crash caused by the error in decoding corrupted images during PDF conversion with the gflags app enabled. |
AbdulAziz Hariri, working with Trend Micro's Zero Day Initiative (ZDI) |
|
Addressed a potential issue where XFA’s underlying data failed to synchronize with that of PhantomPDF/Reader caused by the re-layout underlying XFA. |
kdot, working with Trend Micro's Zero Day Initiative (ZDI) |
|
Addressed a potential issue where the application could call JavaScripts to do Save As or Print when closing the document. |
AbdulAziz Hariri, working with Trend Micro's Zero Day Initiative (ZDI) |
|
Addressed a potential issue where the TimeOut function responded incorrectly and could cause the application crash. |
AbdulAziz Hariri, working with Trend Micro's Zero Day Initiative (ZDI) |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: Jan. 20, 2016
Platform: Windows
Summary
Foxit has released Foxit Reader and Foxit PhantomPDF 7.3, which address security vulnerabilities that could potentially allow an attacker to execute remote code.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
7.2.8.1124 and earlier |
Windows |
|
Foxit PhantomPDF |
7.2.2.929 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the application could be exposed to the Font Parsing Use-After-Free Remote Code Execution Vulnerability. |
Mario Gomes(@NetFuzzer), working with HP's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to the Global setPersistent Use-After-Free Remote Code Execution Vulnerability. |
AbdulAziz Hariri, HPE Zero Day Initiative, working with HP's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to the WillClose Action Use-After-Free Remote Code Execution Vulnerability. |
AbdulAziz Hariri, HPE Zero Day Initiative, working with HP's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to remote code execution vulnerability when opening certain PDF file with images. |
Rocco Calvi, working with HP's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to XFA FormCalc Replace Integer Overflow Vulnerability. |
HPE Zero Day Initiative, working with HP's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Remote Code Execution Vulnerability due to JBIG2 Out-of-Bounds Read. |
kdot, working with HP's Zero Day Initiative |
|
Addressed a potential issue where the application could crash unexpectedly when parsing certain PDF files that contain malformed images. |
Francis Provencher, COSIG |
|
Addressed a potential issue where the application could crash unexpectedly when converting certain image with incorrect image data. |
kdot, working with HP's Zero Day Initiative |
|
Addressed a potential Microsoft Windows Gdiplus GpRuntime::GpLock::GpLock Use-After-Free Remote Code Execution Vulnerability. |
Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to DLL hijacking vulnerability when trying to load xpsp2res.dll or phoneinfo.dll. |
Ke Liu of Tencent’s Xuanwu LAB |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: October 8, 2015
Platform: Windows
Summary
Foxit has released Foxit Reader and Foxit PhantomPDF 7.2.2, which fixed some security issues where the application could be exposed to some vulnerabilities or crash unexpectedly.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
7.2.0.722 and earlier |
Windows |
|
Foxit PhantomPDF |
7.2.0.722 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where attacker could exploit a Foxit Cloud Plugin vulnerability to execute arbitrary code. |
Zhipeng Huo of Tencent's Xuanwu Lab |
|
Addressed a potential issue where the application could crash unexpectedly when opening certain secured PDF files. |
kdot, working with HP's Zero Day Initiative |
|
Addressed a potential issue where the application could crash unexpectedly when opening a PDF file that contains incorrect gif data while being debugged by GFlags.exe. |
Jaanus Kp of Clarified Security, working with HP's Zero Day Initiative |
|
Addressed a potential issue where the application could crash unexpectedly when opening a PDF file that contains incorrect inline image while being debugged by GFlags.exe. |
Jaanus Kp of Clarified Security, working with HP's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to an Out-of-Bounds Read Vulnerability when opening certain XFA forms. |
Jaanus Kp of Clarified Security, working with HP's Zero Day Initiative |
|
Addressed a potential issue where the application could crash unexpectedly when printing certain PDF files. |
AbdulAziz Hariri, working with HP's Zero Day Initiative |
|
Addressed a potential issue where the application could crash unexpectedly when saving certain PDF files. |
AbdulAziz Hariri, working with HP's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Foxit Cloud Update Service Local Privilege Escalation Vulnerability. |
AbdulAziz Hariri and Jasiel Spelman, working with HP's Zero Day Initiative |
|
Addressed a potential issue where the application could be exposed to Use-After-Free Vulnerability when executing print() or referencing App after closing the document. |
AbdulAziz Hariri, working with HP's Zero Day Initiative |
|
Addressed a potential issue where the application could crash unexpectedly due to recursive reference. |
Guillaume Endignoux of ANSSI |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: July 29, 2015
Platform: Windows
Summary
Foxit has released Foxit Reader and Foxit PhantomPDF 7.2, which address security vulnerabilities that could potentially allow an attacker to execute remote code.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
7.1.5.425 and earlier |
Windows |
|
Foxit Enterprise Reader |
7.1.5.425 and earlier |
Windows |
|
Foxit PhantomPDF |
7.1.5.425 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where attackers could exploit a PDF creator plugin vulnerability to execute arbitrary code. |
Sascha Schirra |
|
Addressed a potential issue where the applications could be exposed to a remote code execution when converting a TIFF file to PDF file. |
Steven Seeley of Source Incite, working with HP's Zero Day Initiative |
|
Addressed a potential issue where the applications could be exposed to a remote code execution vulnerability when converting a GIF file to PDF file. |
Steven Seeley of Source Incite, working with HP's Zero Day Initiative |
|
Addressed a potential issue where memory corruption may occur when opening certain XFA forms. |
Kai Lu of Fortinet's FortiGuard Labs |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: May 18, 2015
Platform: Android
Summary
Foxit has released Foxit MobilePDF for Android 3.3.2, which addresses a security vulnerability that could potentially allow an attacker to intercept the username and password of user’s cloud service.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit MobilePDF for Android |
3.3.1 and earlier |
Android |
|
Foxit MobilePDF Business for Android |
3.3.1 and earlier |
Android |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where credentials of cloud services may be exposed to MITM attackers when users log in the cloud services from within Foxit MobilePDF. |
Sam Bowne |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: April 24, 2015
Platform: Windows
Summary
Foxit has released Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF 7.1.5, which address security vulnerabilities that could potentially allow an attacker to execute controlled crash.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
7.1.0.306 and 7.1.3.320 |
Windows |
|
Foxit Enterprise Reader |
7.1.0.306 and 7.1.3.320 |
Windows |
|
Foxit PhantomPDF |
7.1.0.306, 7.1.2.311, 7.1.3.320 |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where memory corruption may occur when parsing a PDF file that contains an invalid stream. |
Francis Provencher of Protek Research Lab's |
|
Addressed a potential issue where memory corruption may occur during digital signature verification. |
Kai Lu of Fortinet's FortiGuard Labs |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: March 9, 2015
Platform: Windows
Summary
Foxit has released Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF 7.1, which address security vulnerabilities that could potentially allow an attacker to execute malicious file or controlled crash.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
7.0.6.1126 and earlier |
Windows |
|
Foxit Enterprise Reader |
7.0.6.1126 and earlier |
Windows |
|
Foxit PhantomPDF |
7.0.6.1126 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where attackers could exploit a Foxit Cloud plugin vulnerability to execute malicious files. |
Aljaz Ceru of InSec |
|
Addressed a potential issue where memory corruption may occur when converting a GIF file with an invalid value in LZWMinimumCodeSize, which could lead to a controlled crash execution. |
Francis Provencher of Protek Research Lab's |
|
Addressed a potential issue where memory corruption may occur when converting a GIF file with an invalid value in Ubyte Size in its DataSubBlock Structure, which could lead to a controlled crash execution. |
Francis Provencher of Protek Research Lab's |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: September 29, 2014
Platform: Windows
Summary
Foxit has released Foxit PDF SDK ActiveX 5.0.2.924, which addresses a security vulnerability where applications built on Foxit PDF SDK ActiveX could be exposed to Buffer Overflow.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PDF SDK ActiveX |
2.3 to 5.0.1.820 |
Windows |
Solution
Please contact our support team via [email protected] or 02-522-8291 (24/7) to upgrade to Foxit PDF SDK ActiveX 5.0.2.924.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where applications built on Foxit PDF SDK ActiveX may be exposed to Buffer Overflow when invoking “SetLogFile ()” method. |
Andrea Micalizzi (rgod), working with Hewlett-Packard's Zero Day Initiative (ZDI) |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: July 1, 2014
Platform: Windows
Summary
Foxit has released Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF 6.2.1 which address a security vulnerability that could potentially allow an attacker to execute malicious file.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
6.2.0.429 and earlier |
Windows |
|
Foxit Enterprise Reader |
6.2.0.429 and earlier |
Windows |
|
Foxit PhantomPDF |
6.2.0.429 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue caused by the Stored XSS vulnerability when reading and displaying filenames and their paths on the “Recent Documents” section from the Start Page. |
Bernardo Rodrigues |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: March 9, 2015
Platform: Windows
Summary
Foxit has released Foxit PDF SDK DLL 3.1.1.5005, which addresses a security vulnerability that could potentially allow an attacker to execute remote code.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit PDF SDK DLL |
3.1.1.2927 and earlier |
Windows |
Solution
Please contact our support team via [email protected] or 02-522-8291 (24/7) to upgrade to Foxit PDF SDK DLL 3.1.1.5005.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where applications built on Foxit PDF SDK DLL may be exposed to Buffer Overflow Remote Code Execution Vulnerability when invoking “FPDFBookmark_GetTitle()” method. |
Hewlett-Packard’s Zero Day Initiative (ZDI) |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: February 19, 2014
Platform: Windows
Summary
Foxit has released Foxit Reader 6.1.4, which addresses a security vulnerability that could potentially allow an attacker to execute malicious file.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
6.1.2.1224 |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where Foxit Reader tried to load imgseg.dll, which could be exploited. |
Hossam Hosam |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: February 7, 2013
Platform: Windows
Summary
Foxit has released Foxit Reader 5.4.5 and Foxit PhantomPDF 5.4.3, which address a security vulnerability that could potentially allow an attacker to execute arbitrary code.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
5.4.4 and earlier |
Windows |
|
Foxit PhantomPDF |
5.4.2 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where attackers can exploit a web browser plugin vulnerability to execute arbitrary code. |
Secunia |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: January 14, 2013
Platform: Windows
Summary
Foxit has released Foxit Advanced PDF Editor 3.0.4.0, which addresses a security vulnerability that could potentially allow an attacker to execute arbitrary code.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Advanced PDF Editor |
3.0.0.0 |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where hackers can run arbitrary code by repairing a STATUS_STACK_BUFFER_OVERRUN exception. |
CERT Coordination Center |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: September 26, 2012
Platform: Windows
Summary
Foxit has released Foxit Reader 5.4.3, which addresses a security vulnerability that could potentially allow an attacker to execute arbitrary code.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
5.4.2.0901 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where the insecure application loading libraries could be exploited to attack the application. |
Parvez Anwar of Secunia SVCRP |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: September 6, 2012
Platform: Windows
Summary
Foxit has released Foxit Reader 5.4, which addresses a security vulnerability that could potentially allow an attacker to execute malicious file.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
5.3.1.0606 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue where Foxit Reader may call and run malicious code in the Dynamic Link Library (DLL) file. |
Remy Brands |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: May 3, 2012
Platform: Windows
Summary
Foxit has released Foxit Reader 5.3, which addresses a security vulnerability that could potentially allow an attacker to execute remote code.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
5.1.4.0104 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed an issue where users cannot open the attachments of PDF files in XP and Windows7. |
John Leitch of Microsoft Vulnerability Research |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: December 7, 2011
Platform: Windows
Summary
Foxit has released Foxit Reader 5.1.3, which addresses a security vulnerability that could potentially allow an attacker to execute controlled crash.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
5.1.0.1021 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue caused by the cross-border assignment of an array which may result in memory corruption vulnerabilities when opening certain PDF files. |
Alex Garbutt of iSEC Partners, Inc. |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: July 21, 2011
Platform: Windows
Summary
Foxit has released Foxit Reader 5.0.2, which addresses security vulnerabilities that could potentially allow an attacker to execute arbitrary code.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
5.0 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue of arbitrary code execution when opening certain PDF files. |
Rob Kraus of Security Consulting Services (SCS) |
|
Addressed an issue of Foxit Reader when opening certain PDF files in a web browser. |
Dmitriy Pletnev of Secunia Research |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: May 26, 2011
Platform: Windows
Summary
Foxit has released Foxit Reader 5.0, which addresses a security vulnerability that could potentially allow an attacker to execute malicious code.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
4.3.1.0218 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed an issue of Foxit Reader when opening some affected PDF files. |
Brett Gervasoni of Sense of Security Pty Ltd |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: February 24, 2011
Platform: Windows
Summary
Foxit has released Foxit Reader 4.3.1.0218, which addresses a security vulnerability that could potentially allow an attacker to execute remote code.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
4.3 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed an issue of the Foxit Reader software that is caused by illegal accessing memory. |
Secunia Research |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: September 29, 2010
Platform: Windows
Summary
Foxit has released Foxit Reader 4.2, which addresses a security vulnerability that could potentially allow an attacker to compromise the digital signature.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
4.1 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential identity theft issue caused by the security flaw of the digital signature. |
Foxit |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: August 6, 2010
Platform: Windows
Summary
Foxit has released Foxit Reader 4.1.1.0805, which addresses a security vulnerability that could potentially allow an attacker to execute controlled crash.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
4.0 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential crash issue caused by the new iPhone/iPad jailbreak program efficiently and prevents the malicious attacks to your computer. |
Foxit |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: June 29, 2010
Platform: Windows
Summary
Foxit has released Foxit Reader 4.0.0.0619, which addresses a security vulnerability that could potentially allow an attacker to execute controlled crash.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
4.0 and earlier |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue caused by numerical overflow in the freetype engine when opening some PDF files. |
David Seidman of Microsoft and Microsoft Vulnerability Research (MSVR) |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: April 1, 2010
Platform: Windows
Summary
Foxit has released Foxit Reader 3.2.1.0401, which addresses a security vulnerability that could potentially allow an attacker to execute the embedded program inside a PDF.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
3.2.0.0303 |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue that Foxit Reader runs an executable embedded program inside a PDF automatically without asking for user's permission. |
Didier Stevens |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: November 17, 2009
Platform: Windows
Summary
Foxit has released Firefox Plugin 1.1.2009.1117 for Foxit Reader, which addresses memory corruption vulnerability.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
3.1.2.1013 and 3.1.2.1030 |
Windows |
Solution
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue caused by an error in the Foxit Reader plugin for Firefox (npFoxitReaderPlugin.dll), which could be exploited to trigger a memory corruption. |
Foxit and Secunia |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: June 19, 2009
Platform: Windows
Summary
Foxit has released Foxit Reader 3.0 Build 1817 and JPEG2000/JBIG2 Decoder add-on version 2.0 Build 2009.616, which address security vulnerabilities that could potentially result in invalid address access.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
3.0 |
Windows |
|
JPEG2000/JBIG2 Decoder Add-on |
2.0.2009.303 |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a potential issue related to negative stream offset (in malicious JPEG2000 stream) which caused reading data from an out-of-bound address. |
CERT |
|
Addressed a potential issue related to error handling when decoding JPEG2000 header, an uncaught fatal error resulted a subsequent invalid address access. |
CERT |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: March 9 2009
Platform: Windows
Summary
Foxit has released Foxit Reader 3.0 Build 1506, which addresses stack-based buffer overflow and security authorization bypass vulnerabilities.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
3.0 |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a stack-based buffer overflow vulnerability. |
Foxit Security Response Team |
|
Addressed a security authorization bypass vulnerability. |
Foxit Security Response Team |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: March 9 2009
Platform: Windows
Summary
Foxit has released Foxit Reader 2.3 Build 3902, which addresses security authorization bypass vulnerability.
Affected versions
|
Product |
Affected versions |
Platform |
|
Foxit Reader |
2.3 |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a security authorization bypass vulnerability. |
Foxit Security Response Team |
For more information, please contact Foxit Security Response Team at [email protected].
Release date: March 9, 2009
Platform: Windows
Summary
Foxit has released JPEG2000/JBIG Decoder Add-on 2.0.2009.303, which addresses JBIG2 symbol dictionary processing vulnerability.
Affected versions
|
Product |
Affected versions |
Platform |
|
JPEG2000/JBIG Decoder Add-on |
2.0.2008.715 in Foxit Reader 3.0 and Foxit Reader 2.3 |
Windows |
Solution
Update your applications to the latest versions by following one of the instructions below.
Vulnerability details
|
Brief |
Acknowledgement |
|
Addressed a JBIG2 symbol dictionary processing vulnerability. |
Secunia |
For more information, please contact Foxit Security Response Team at [email protected].
The ask.com toolbar Foxit is bundling, is not the same version as reported on secunia.com, and doesn't have the reported vulnerability.
Click here to check the related report on secunia.com