Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-9248

Summary
Assigner-zdi
Assigner Org ID-99f1926a-a320-47d8-bbb5-42feb611262e
Published At-22 Nov, 2024 | 21:19
Updated At-26 Nov, 2024 | 15:57
Rejected At-
Credits

Foxit PDF Reader PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Foxit PDF Reader PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24300.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:zdi
Assigner Org ID:99f1926a-a320-47d8-bbb5-42feb611262e
Published At:22 Nov, 2024 | 21:19
Updated At:26 Nov, 2024 | 15:57
Rejected At:
▼CVE Numbering Authority (CNA)
Foxit PDF Reader PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Foxit PDF Reader PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24300.

Affected Products
Vendor
Foxit Software IncorporatedFoxit
Product
PDF Reader
Default Status
unknown
Versions
Affected
  • 2024.2.2.25170
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787: Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787: Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zerodayinitiative.com/advisories/ZDI-24-1302/
x_research-advisory
https://www.foxit.com/support/security-bulletins.html
vendor-advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-24-1302/
Resource:
x_research-advisory
Hyperlink: https://www.foxit.com/support/security-bulletins.html
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
Foxit Software Incorporatedfoxit
Product
pdf_reader
CPEs
  • cpe:2.3:a:foxit:pdf_reader:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 2024.2.3.25184 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:zdi-disclosures@trendmicro.com
Published At:22 Nov, 2024 | 22:15
Updated At:29 Nov, 2024 | 18:20

Foxit PDF Reader PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24300.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Foxit Software Incorporated
foxit
>>pdf_editor>>Versions up to 11.2.10.53951(inclusive)
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:windows:*:*
Foxit Software Incorporated
foxit
>>pdf_editor>>Versions from 12.0(inclusive) to 12.1.7.15526(inclusive)
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:windows:*:*
Foxit Software Incorporated
foxit
>>pdf_editor>>Versions from 13.0(inclusive) to 13.1.3.22478(inclusive)
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:windows:*:*
Foxit Software Incorporated
foxit
>>pdf_editor>>Versions from 2023.0(inclusive) to 2023.3.0.23028(inclusive)
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:windows:*:*
Foxit Software Incorporated
foxit
>>pdf_editor>>Versions from 2024.0(inclusive) to 2024.2.3.25184(inclusive)
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:windows:*:*
Foxit Software Incorporated
foxit
>>pdf_reader>>Versions up to 2024.2.3.25184(inclusive)
cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:windows:*:*
Weaknesses
CWE IDTypeSource
CWE-787Secondaryzdi-disclosures@trendmicro.com
CWE ID: CWE-787
Type: Secondary
Source: zdi-disclosures@trendmicro.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.foxit.com/support/security-bulletins.htmlzdi-disclosures@trendmicro.com
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-24-1302/zdi-disclosures@trendmicro.com
Third Party Advisory
Hyperlink: https://www.foxit.com/support/security-bulletins.html
Source: zdi-disclosures@trendmicro.com
Resource:
Vendor Advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-24-1302/
Source: zdi-disclosures@trendmicro.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

3088Records found
CVE-2021-34963
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.21%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14365.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Editorpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2021-34834
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.17% / 83.63%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 15:16
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14014.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-pdf_readerpdf_editorwindowsPDF Reader
CWE ID-CWE-416
Use After Free
CVE-2021-34968
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.21%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor transitionToState Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Editor transitionToState Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the transitionToState method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14370.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Editorpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2021-31441
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-3.06% / 86.20%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 20:16
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13101.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerReader
CWE ID-CWE-416
Use After Free
CVE-2021-31435
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.35% / 56.82%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 16:31
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CMP files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12331.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-windowsfoxit_studio_photoStudio Photo
CWE ID-CWE-457
Use of Uninitialized Variable
CVE-2021-31450
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-3.06% / 86.20%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 20:16
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13084.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerReader
CWE ID-CWE-416
Use After Free
CVE-2021-31460
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.52% / 65.79%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 20:16
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA templates. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13096.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2021-31451
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-3.06% / 86.20%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 20:16
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13089.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerReader
CWE ID-CWE-416
Use After Free
CVE-2021-31457
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.52% / 65.79%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 20:16
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13147.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2021-31456
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.52% / 65.79%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 20:16
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13102.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2021-31461
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.35% / 56.94%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 20:16
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the the handling of app.media objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process Was ZDI-CAN-13333.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2021-31459
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.52% / 65.79%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 20:16
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13162.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2021-31458
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.52% / 65.79%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 20:16
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13150.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2021-31453
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-3.06% / 86.20%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 20:16
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13092.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerReader
CWE ID-CWE-416
Use After Free
CVE-2021-27267
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-3.06% / 86.20%
||
7 Day CHG~0.00%
Published-30 Mar, 2021 | 14:35
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12294.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerPhantomPDF
CWE ID-CWE-416
Use After Free
CVE-2021-27261
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.57% / 88.77%
||
7 Day CHG~0.00%
Published-30 Mar, 2021 | 14:35
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12269.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerPhantomPDF
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-30359
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.74% / 85.40%
||
7 Day CHG+0.71%
Published-02 Apr, 2024 | 20:17
Updated-08 Aug, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm 3D Out-Of-Bounds Read Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm 3D Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of 3D objects in AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22888.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-windowspdf_readerpdf_editorPDF Readerpdf_readerpdf_editor
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-30323
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.74% / 85.40%
||
7 Day CHG+0.71%
Published-03 Apr, 2024 | 16:21
Updated-11 Aug, 2025 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader template Out-Of-Bounds Read Remote Code Execution Vulnerability

Foxit PDF Reader template Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of template objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22501.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-pdf_editorpdf_readerwindowsPDF Readerpdf_readerpdf_editor
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-27268
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-3.06% / 86.20%
||
7 Day CHG~0.00%
Published-30 Mar, 2021 | 14:35
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12295.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerPhantomPDF
CWE ID-CWE-416
Use After Free
CVE-2024-30371
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.22% / 83.83%
||
7 Day CHG+0.57%
Published-02 Apr, 2024 | 20:28
Updated-08 Aug, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23355.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-windowspdf_readerpdf_editorPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2024-30334
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.23% / 88.31%
||
7 Day CHG+1.07%
Published-03 Apr, 2024 | 16:24
Updated-11 Aug, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22640.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-pdf_editorpdf_readerwindowsPDF Readerpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2024-30366
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.23% / 88.31%
||
7 Day CHG+1.07%
Published-03 Apr, 2024 | 16:24
Updated-11 Aug, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23002.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationFoxit Software Incorporated
Product-pdf_editorpdf_readerwindowsmacosPDF Readerpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2024-30332
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.40% / 88.56%
||
7 Day CHG+1.11%
Published-03 Apr, 2024 | 16:23
Updated-11 Aug, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22638.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-pdf_editorpdf_readerwindowsPDF Readerpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2024-30333
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.23% / 88.31%
||
7 Day CHG+1.07%
Published-03 Apr, 2024 | 16:23
Updated-11 Aug, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22639.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-pdf_editorpdf_readerwindowsPDF Readerpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2024-30330
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-3.72% / 87.51%
||
7 Day CHG+0.95%
Published-03 Apr, 2024 | 16:22
Updated-09 Jul, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22636.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Readerpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2024-30339
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.40% / 88.56%
||
7 Day CHG+1.11%
Published-02 Apr, 2024 | 20:11
Updated-07 Aug, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Acroforms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22706.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-windowspdf_editorpdf_readerPDF Readerpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2024-30328
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.40% / 88.56%
||
7 Day CHG+1.11%
Published-03 Apr, 2024 | 16:22
Updated-11 Aug, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22633.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationFoxit Software Incorporated
Product-pdf_editorpdf_readerwindowsmacosPDF Readerpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2024-30327
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.23% / 88.31%
||
7 Day CHG+1.07%
Published-03 Apr, 2024 | 16:22
Updated-11 Aug, 2025 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader template Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader template Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of template objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22632.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationFoxit Software Incorporated
Product-pdf_editorpdf_readerwindowsmacosPDF Readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2024-30336
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.23% / 88.31%
||
7 Day CHG+1.07%
Published-02 Apr, 2024 | 20:10
Updated-07 Aug, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22642.

Action-Not Available
Vendor-Foxit Software IncorporatedApple Inc.Microsoft Corporation
Product-macoswindowspdf_editorpdf_readerPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2024-30352
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.23% / 88.31%
||
7 Day CHG+1.07%
Published-02 Apr, 2024 | 20:15
Updated-08 Aug, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22800.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-windowspdf_readerpdf_editorPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2021-27271
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.54% / 88.74%
||
7 Day CHG~0.00%
Published-30 Mar, 2021 | 14:35
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in an out-of-bounds read condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12438.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerPhantomPDF
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-30346
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.23% / 88.31%
||
7 Day CHG+1.07%
Published-02 Apr, 2024 | 20:13
Updated-08 Aug, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22745.

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Foxit Software Incorporated
Product-macoswindowspdf_readerpdf_editorPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2024-30362
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.53% / 84.83%
||
7 Day CHG+0.65%
Published-02 Apr, 2024 | 20:18
Updated-08 Aug, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22798.

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Foxit Software Incorporated
Product-macoswindowspdf_readerpdf_editorPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2024-30353
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.74% / 85.40%
||
7 Day CHG+0.71%
Published-02 Apr, 2024 | 20:15
Updated-08 Aug, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22807.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-windowspdf_readerpdf_editorPDF Readerpdf_readerpdf_editor
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-30331
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.23% / 88.31%
||
7 Day CHG+1.07%
Published-03 Apr, 2024 | 16:23
Updated-11 Aug, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22637.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationFoxit Software Incorporated
Product-pdf_editorpdf_readerwindowsmacosPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2021-27270
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.96% / 85.94%
||
7 Day CHG~0.00%
Published-30 Mar, 2021 | 14:35
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12230.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerPhantomPDF
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-30358
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-3.68% / 87.44%
||
7 Day CHG+0.94%
Published-02 Apr, 2024 | 20:17
Updated-08 Aug, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm User-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm User-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22821.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-windowspdf_readerpdf_editorPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2024-30338
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.40% / 88.56%
||
7 Day CHG+1.11%
Published-02 Apr, 2024 | 20:11
Updated-07 Aug, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22705.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-windowspdf_editorpdf_readerPDF Readerpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2024-30361
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.23% / 88.31%
||
7 Day CHG+1.07%
Published-02 Apr, 2024 | 20:17
Updated-08 Aug, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22877.

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Foxit Software Incorporated
Product-macoswindowspdf_readerpdf_editorPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2024-30357
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.37% / 84.33%
||
7 Day CHG+0.61%
Published-02 Apr, 2024 | 20:16
Updated-08 Aug, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Annotation Type Confusion Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Annotation Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects in AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22818.

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Foxit Software Incorporated
Product-macoswindowspdf_readerpdf_editorPDF Readerpdf_readerpdf_editor
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-30337
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.40% / 88.56%
||
7 Day CHG+1.11%
Published-02 Apr, 2024 | 20:10
Updated-07 Aug, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Acroforms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22704.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-windowspdf_editorpdf_readerPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2024-30343
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.23% / 88.31%
||
7 Day CHG+1.07%
Published-02 Apr, 2024 | 20:12
Updated-08 Aug, 2025 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22721.

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Foxit Software Incorporated
Product-macoswindowspdf_readerpdf_editorPDF Readerpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2024-30324
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.40% / 88.56%
||
7 Day CHG+1.11%
Published-03 Apr, 2024 | 16:21
Updated-11 Aug, 2025 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22576.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationFoxit Software Incorporated
Product-pdf_editorpdf_readerwindowsmacosPDF Readerpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2019-6775
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.94% / 75.31%
||
7 Day CHG~0.00%
Published-04 Oct, 2019 | 17:37
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportValues method within a AcroForm. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8491.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2024-12752
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.57%
||
7 Day CHG~0.00%
Published-30 Dec, 2024 | 20:13
Updated-08 Aug, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Memory Corruption Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25345.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-windowspdf_readerpdf_editorPDF Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-12751
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.57%
||
7 Day CHG~0.00%
Published-30 Dec, 2024 | 20:13
Updated-08 Aug, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25344.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-windowspdf_readerpdf_editorPDF Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-42089
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-3.3||LOW
EPSS-0.40% / 60.15%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:13
Updated-02 Aug, 2024 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader templates Use-After-Free Information Disclosure Vulnerability

Foxit PDF Reader templates Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of templates. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21586.

Action-Not Available
Vendor-Foxit Software Incorporated
Product-pdf_editorpdf_editor_for_macpdf_readerPDF Reader
CWE ID-CWE-416
Use After Free
CVE-2020-8857
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-1.23% / 78.34%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 22:20
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of form Annotation objects within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9862.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2020-8869
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-3.72% / 87.50%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 20:55
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9881.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-windowsfoxit_studio_photoStudio Photo
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-42092
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-1.44% / 79.93%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:13
Updated-02 Aug, 2024 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21676.

Action-Not Available
Vendor-Foxit Software Incorporated
Product-pdf_editorpdf_readerPDF Readerpdf_editor
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 61
  • 62
  • Next
Details not found