CVE-2020-26539
published 2020-10-02CVE-2020-26539: An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field dictionaries), a use-after-free can occur with resultant remote code execution (or an information leak).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| foxitsoftware | foxit_reader | < 10.1 | 10.1 |
| foxitsoftware | phantompdf | < 10.1 | 10.1 |