CVE-2020-13547
22.12.2020, 19:15
A type confusion vulnerability exists in the JavaScript engine of Foxit Softwares Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
| Vendor | Product | Version |
|---|---|---|
| foxitsoftware | foxit_reader | 10.0.0.37527 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.