R0Fm1A

**Name of the Vulnerable Software and Affected Versions** ImageMagick (affected versions not specified) **Description** A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This issue is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format, potentially leading to a denial of service and information disclosure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader (affected versions not specified) Foxit PhantomPDF (affected versions not specified) **Description** This issue allows remote attackers to disclose sensitive information on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the processing of AcroForms due to the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this, potentially in conjunction with other vulnerabilities, to execute arbitrary code in the context of the current process. **Recommendations** For Foxit PDF Reader, consider disabling the processing of AcroForms until a patch is available. For Foxit PhantomPDF, restrict access to the AcroForms feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PhantomPDF versions (affected versions not specified) Foxit Reader versions (affected versions not specified) **Description** The issue is related to a buffer overflow when handling annotation objects, which can allow a remote attacker to execute arbitrary code using a specially crafted malicious PDF file. The vulnerability exists due to the lack of validation of an object's existence before performing operations on it. This can be leveraged by an attacker, in conjunction with other vulnerabilities, to disclose sensitive information on affected installations. User interaction is required, such as visiting a malicious page or opening a malicious file. **Recommendations** For Foxit PhantomPDF, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Foxit Reader, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this issue, where the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects, resulting from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this issue to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability, where the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects, resulting from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.0.11-14 **Description** The issue is related to a heap-based buffer overflow vulnerability in the `ReadTIFFImage()` function of ImageMagick. This vulnerability is caused by an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault. Exploitation of this issue may allow a remote attacker to cause a denial of service. **Recommendations** For versions prior to 7.0.11-14, update to version 7.0.11-14 or later to resolve the issue. As a temporary workaround, consider disabling the `ReadTIFFImage()` function in coders/tiff.c until a patch is available.

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 11.0.0.49893 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of Annotation objects, resulting from the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this to execute code in the context of the current process. Recommendations: For Foxit PDF Reader version 11.0.0.49893, consider disabling the handling of Annotation objects as a temporary workaround until a patch is available. Restrict access to malicious pages or files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 11.0.0.49893 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of Annotation objects due to the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this to execute code in the context of the current process. Recommendations: For Foxit PDF Reader version 11.0.0.49893, as a temporary workaround, consider disabling the handling of Annotation objects until a patch is available. Restrict access to potentially malicious pages or files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader (affected versions not specified) Foxit PhantomPDF (affected versions not specified) **Description** This issue allows remote attackers to disclose sensitive information on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of Annotation objects due to the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this, in conjunction with other vulnerabilities, to execute arbitrary code in the context of the current process. **Recommendations** For Foxit PDF Reader, consider disabling the handling of Annotation objects until a patch is available. For Foxit PhantomPDF, restrict access to the annotation processing module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PhantomPDF and Foxit Reader (affected versions not specified) **Description** The issue is related to an out-of-bounds read in the handling of Annotation objects, which can result from the lack of proper validation of user-supplied data. This can allow remote attackers to disclose sensitive information on affected installations. User interaction is required to exploit this issue, where the target must visit a malicious page or open a malicious file. An attacker can leverage this in conjunction with other issues to execute arbitrary code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this issue, where the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Square annotation objects, resulting from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this issue to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader (affected versions not specified) Foxit PhantomPDF (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of Annotation objects due to the lack of proper validation of user-supplied data, resulting in a read past the end of an allocated object. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For Foxit PDF Reader, consider disabling the handling of Annotation objects until a patch is available. For Foxit PhantomPDF, restrict access to the annotation processing module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.