CVE-2020-12248
published 2020-09-04CVE-2020-12248: In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty…
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| foxitsoftware | phantompdf | <= 9.7.2.29539 | — |
| foxitsoftware | phantompdf | <= 10.0.0.35798 | — |
| foxitsoftware | reader | <= 10.0.0.35798 | — |