CVE-2020-26540

Published: Oct 2, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection (or an information leak) can occur.

Affected (2)

Products: Foxitsoftware: Foxit Reader, Phantompdf

Foxitsoftware

2 products

Foxit Reader

Phantompdf

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Foxitsoftware Foxit Reader	Before 4.1
Foxitsoftware Phantompdf	Before 4.1

Running on/with	Platform Versions
Apple Macos	All versions

Related CWEs

CWE-347

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

https://www.foxitsoftware.com/support/security-bulletins.html

Source: cve@mitre.org

PatchVendor Advisory

https://www.foxitsoftware.com/support/security-bulletins.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.