CVE-2020-11493
published 2020-09-04CVE-2020-11493: In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of…
high8.1CVSS 3.1
AVNACLPRNUIRSUCHINAH
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| foxitsoftware | phantompdf | <= 9.7.2.29539 | — |
| foxitsoftware | phantompdf | <= 10.0.0.35798 | — |
| foxitsoftware | reader | <= 10.0.0.35798 | — |