CVE-2020-11493

CWE-345 | 3 documents | 3 sources
Severity: 8.1 HIGH
EPSS: 0.1% (top 77.37%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 4
Latest update: May 24

Description

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Exploitability: 2.8 | Impact: 5.2

Affected Packages (2 packages)

NVD | foxitsoftware/phantompdf | 9.7.2.29539 (+1)
NVD | foxitsoftware/reader | 10.0.0.35798

Vulnerability Details (2)

GHSA | GHSA-3qpg-r423-v8v2: In Foxit Reader and PhantomPDF before 10 | 2022-05-24
CVEList | CVE-2020-11493: In Foxit Reader and PhantomPDF before 10 | 2020-09-04