Main Vulnerability Database Vulnerabilities #VU48712

#VU48712 Input validation error in Foxit PDF Editor (formerly Foxit PhantomPDF) and Foxit PDF Reader for Mac

Published: November 30, 2020

Vulnerability identifier: #VU48712

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Foxit PDF Editor (formerly Foxit PhantomPDF)
Foxit PDF Reader for Mac

Software vendor:
Foxit Software Inc.

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the application fails to identify the objects in the incremental update when the Subtype entry of the Annotation dictionary is set as null. A remote attacker can perform the Evil Annotation Attack and deliver incorrect validation results when validating certain certified PDF files whose visible content was significantly altered.

Remediation

Install updates from vendor's website.

External links

https://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+Mac+4.1.1+and+Foxit+Reader+Mac+4.1.12020-11-30+00%3A00%3A00

#VU48712 Input validation error in Foxit PDF Editor (formerly Foxit PhantomPDF) and Foxit PDF Reader for Mac

Description

Remediation

External links

Please verify you're human