CVE-2020-11493

EUVD-2020-3846
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Affected Products (NVD)
VendorProductVersion
foxitsoftwarephantompdf
𝑥
≤ 9.7.2.29539
foxitsoftwarephantompdf
𝑥
≤ 10.0.0.35798
foxitsoftwarereader
𝑥
≤ 10.0.0.35798
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.foxitsoftware.com/support/security-bulletins.php
https://www.foxitsoftware.com/support/security-bulletins.php