CVE-2020-11493

Published: Sep 4, 2020Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.

Affected (3)

Products: Foxitsoftware: Phantompdf, Reader

Foxitsoftware

2 products

Phantompdf

Reader

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Foxitsoftware Phantompdf	Up to 9.7.2.29539

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Foxitsoftware Phantompdf	Up to 10.0.0.35798
Foxitsoftware Reader	Up to 10.0.0.35798

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-345

Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References (2)

https://www.foxitsoftware.com/support/security-bulletins.php

Source: cve@mitre.org

Vendor Advisory

https://www.foxitsoftware.com/support/security-bulletins.php

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.