In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.
References
Link | Resource |
---|---|
https://www.foxitsoftware.com/support/security-bulletins.php | Vendor Advisory |
Configurations
Information
Published : 2020-09-03 21:15
Updated : 2020-09-09 08:16
NVD link : CVE-2020-11493
Mitre link : CVE-2020-11493
JSON object : View
CWE
CWE-345
Insufficient Verification of Data Authenticity
Products Affected
microsoft
- windows
foxitsoftware
- reader
- phantompdf