Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-11493

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.

Published

2020-09-04T04:15:11.733

Last Modified

2024-11-21T04:58:00.553

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

4.9

Weaknesses

Type: Primary
CWE-345

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	foxitsoftware	phantompdf	≤ 9.7.2.29539	Yes
Operating System	microsoft	windows	-	No
Application	foxitsoftware	phantompdf	≤ 10.0.0.35798	Yes
Application	foxitsoftware	reader	≤ 10.0.0.35798	Yes
Operating System	microsoft	windows	-	No

References

https://www.foxitsoftware.com/support/security-bulletins.php Vendor Advisory ([email protected])
https://www.foxitsoftware.com/support/security-bulletins.php Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)