Incorrect vulnerability reporting for Foxit Phantom PDF v8

Copper Contributor

We have a number of PCs with Phantom PDF V8 installed.

ATP is incorrectly reporting lots of vulnerabilities with the latest version

ATP is reporting that this contains 322 Vulnerabilities.  For example, CVE-2018-17615 (ZDI-CAN-6333) is listed, this was patched in Phantom 8.3.8, and Phantom 9.3 



4 Replies

Thank you for reporting this.

Indeed, the fix affected 2 releases (and earlier) & (and earlier) and we only covered the latter. This should be fixed in the next 24 hours. 



@Tomer Teller 

Hi, Is there any update on this?   Phantom is still showing as having 315 vulnerabilities, including the one mentioned in the first post.


@Tomer Teller 

Version is now showing 230 vulnerabilities.  I believe this should be zero.

For example CVE-2018-14442 AKA V-88f4smlocs was fixed in Phantom version 8.3.7 and 9.2.


It would be great to get this fixed!

@SteveJ50 The team is going to address all FoxIT security bulletin in our next update. This will solve the issue for all 230 vulnerabilities.