Main Vulnerability Database Vulnerabilities #VU34001

#VU34001 Input validation error in Foxit PDF Reader for Windows and Foxit PDF Editor (formerly Foxit PhantomPDF) - CVE-2020-11493

Published: August 5, 2020 / Updated: September 29, 2020

Vulnerability identifier: #VU34001

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-11493

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Foxit PDF Reader for Windows
Foxit PDF Editor (formerly Foxit PhantomPDF)

Software vendor:
Foxit Software Inc.

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input when processing PDF files. A remote attacker can create a PDF file with specially crafted XObject, trick the victim into opening it and gain access to sensitive information or crash the application.

Remediation

Install updates from vendor's website.

External links

https://www.foxitsoftware.com/support/security-bulletins.html

#VU34001 Input validation error in Foxit PDF Reader for Windows and Foxit PDF Editor (formerly Foxit PhantomPDF) - CVE-2020-11493

Description

Remediation

External links

Please verify you're human