Fwd: [CIVN-2020-0443] Multiple Vulnerabilities in Foxit Reader and Foxit Phantom PDF


Severity Rating: MEDIUM

Software Affected

Foxit Reader 10.1.0.37527 and earlier

Foxit PhantomPDF 10.1.0.37527 and earlier

Overview

Multiple vulnerabilities have been reported in Foxit Reader and Foxit Phantom PDF for Windows, where a null pointer access/dereference while opening a crafted PDF file leads to an application crash and DoS.

Description

The application could be exposed to a Denial of Service vulnerability and crash when opening certain PDF files that contain an illegal value in the /Size entry of the trailer dictionary. This occurs due to an array overflow: the illegal value in the /Size entry causes an error in initializing the array size for storing the compression object streams, and an object number which is larger than the initialization value is then used as the array index while parsing the cross-reference streams.

Successful exploitation of this vulnerability could allow an attacker to cause a denial of service in Foxit Reader and Foxit Phantom PDF.
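
The bounds check that the description implies, as an added C example (not Foxit's code and not part of the advisory): the table is sized from a validated /Size, and object numbers from a cross-reference stream subsection are checked against the allocated count before being used as an index. The names xref_table, xref_init, xref_apply_subsection and the XREF_MAX_OBJECTS cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed sanity cap on /Size (illustrative; not taken from the advisory). */
#define XREF_MAX_OBJECTS 8388607LL

typedef struct {
    uint32_t *objstm_of; /* objstm_of[n] = object stream that holds object n */
    size_t count;        /* slots actually allocated, derived from /Size */
} xref_table;

/* Size the table from the trailer /Size entry; an illegal value is rejected
 * instead of producing an undersized or failed allocation. 0 = success. */
int xref_init(xref_table *t, long long size_entry) {
    t->objstm_of = NULL;
    t->count = 0;
    if (size_entry <= 0 || size_entry > XREF_MAX_OBJECTS)
        return -1;
    t->objstm_of = calloc((size_t)size_entry, sizeof *t->objstm_of);
    if (t->objstm_of == NULL)
        return -1;
    t->count = (size_t)size_entry;
    return 0;
}

/* Apply one cross-reference stream subsection (/Index pair: first, n).
 * Object numbers >= count are never used as an index; the return value is
 * how many entries were ignored for being out of range. */
size_t xref_apply_subsection(xref_table *t, long long first, size_t n,
                             const uint32_t *objstm_nums) {
    if (t->objstm_of == NULL || first < 0 ||
        (unsigned long long)first >= t->count)
        return n;
    size_t room = t->count - (size_t)first; /* slots left from 'first' */
    size_t take = n < room ? n : room;
    for (size_t i = 0; i < take; i++)
        t->objstm_of[(size_t)first + i] = objstm_nums[i];
    return n - take;
}

int main(void) {
    xref_table t;
    const uint32_t stm[3] = {7, 7, 7};   /* constructed sample entries */
    if (xref_init(&t, 4) != 0) return 1; /* constructed /Size of 4 */
    printf("ignored: %zu\n", xref_apply_subsection(&t, 2, 3, stm));
    free(t.objstm_of);
    return 0;
}
```

A non-zero return from xref_apply_subsection is worth logging, since a file whose cross-reference stream names objects beyond /Size is malformed.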

Solution

Apply the appropriate fix as mentioned in the Foxit advisory.

Vendor Information

Foxit

References

Foxit

CVE Name

CVE-2020-28203

