CVE-2020-12247
published 2020-09-04CVE-2020-12247: In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a…
high7.1CVSS 3.1
AVLACLPRNUIRSUCHINAH
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two parts. A crash may also occur.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| foxitsoftware | phantompdf | <= 9.7.2.29539 | — |
| foxitsoftware | phantompdf | <= 10.0.0.35798 | — |
| foxitsoftware | reader | <= 10.0.0.35798 | — |