Monthly Archive: June 2020

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary. Date published : 2020-06-04 https://www.foxitsoftware.com/support/security-bulletins.php

An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory when FoxitStudioPhoto366_3.6.6.916.exe is used. Date published : 2020-06-04...

An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory. Date published : 2020-06-04 https://www.foxitsoftware.com/support/security-bulletins.php

An issue was discovered in Foxit Studio Photo before 3.6.6.922. It has an out-of-bounds write via a crafted TIFF file. Date published : 2020-06-04 https://www.foxitsoftware.com/support/security-bulletins.php

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation bypass via a modified file or a file with non-standard signatures. Date published : 2020-06-04 https://www.foxitsoftware.com/support/security-bulletins.php

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream. Date published : 2020-06-04 https://www.foxitsoftware.com/support/security-bulletins.php

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data. Date published : 2020-06-04 https://www.foxitsoftware.com/support/security-bulletins.php

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference mishandling that causes a loop. Date published : 2020-06-04 https://www.foxitsoftware.com/support/security-bulletins.php

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation. Date published : 2020-06-04 https://www.foxitsoftware.com/support/security-bulletins.php

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures. Date published : 2020-06-04 https://www.foxitsoftware.com/support/security-bulletins.php

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin. Date published : 2020-06-04 https://www.foxitsoftware.com/support/security-bulletins.php

An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signature validation bypass via a modified file or a file with non-standard signatures. Date published : 2020-06-04...

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. Date published : 2020-06-04 https://security.netapp.com/advisory/ntap-20200717-0001/ https://www.openwall.com/lists/oss-security/2020/06/04/2

hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. Date published : 2020-06-04 https://security.netapp.com/advisory/ntap-20200717-0001/ https://www.openwall.com/lists/oss-security/2020/06/04/1