Out-of-bounds write in Foxit PDF Reader for Windows and Foxit PDF Editor (formerly Foxit PhantomPDF) - CVE-2020-26535

 

Out-of-bounds write in Foxit PDF Reader for Windows and Foxit PDF Editor (formerly Foxit PhantomPDF) - CVE-2020-26535

Published: September 29, 2020 / Updated: October 28, 2020


Vulnerability identifier: #VU47137
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2020-26535
CWE-ID: CWE-787
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Foxit Software Inc.
Affected software:
Foxit PDF Reader for Windows
Foxit PDF Editor (formerly Foxit PhantomPDF)

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input within the V8 JavaScript engine, which is resulted from the failure to properly handle the situation where the Index returned during the allocation of thread local storage by TslAlloc function exceeds the limits acceptable by the V8 JavaScript engine. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.


How to mitigate CVE-2020-26535

Install updates from vendor's website.

Sources