Fwd: [CIVN-2020-0443] Multiple Vulnerabilities in Foxit Reader and Foxit Phantom PDF


Severity Rating: MEDIUM

Software Affected

Foxit Reader and earlier

Foxit PhantomPDF and earlier


Multiple vulnerabilities have been reported in Foxit Reader and Foxit PhantomPDF for Windows, where a null pointer access/dereference while opening a crafted PDF file leads to an application crash and DoS.


The application could be exposed to a Denial of Service vulnerability and crash when opening certain PDF files that contain an illegal value in the /Size entry of the trailer dictionary. This occurs due to an array overflow: the illegal value in the /Size entry causes an error in initializing the size of the array that stores the compression object streams, and an object number larger than the initialization value is then used as the array index while parsing the cross-reference streams.

Successful exploitation of this vulnerability could allow the attacker to cause a denial of service in Foxit Reader and Foxit PhantomPDF.
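The two checks implied by the description above (validate /Size before sizing the array, and bounds-check every object number before using it as an index), shown as an added example that is not Foxit's code or part of the original advisory. The struct layout, function names and the `XREF_MAX_OBJECTS` cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical, simplified cross-reference table model (not Foxit code). */
#define XREF_MAX_OBJECTS (8u * 1024u * 1024u) /* assumed sanity cap on /Size */

typedef struct {
    uint8_t  type;   /* 0 = free, 1 = in use, 2 = stored in an object stream */
    uint64_t field2; /* byte offset, or object-stream number when type == 2 */
    uint32_t field3; /* generation, or index inside the object stream */
} xref_entry;

typedef struct { xref_entry *entries; size_t count; } xref_table;

/* Size the table from the trailer's /Size only after validating the value. */
int xref_init(xref_table *t, long long size_entry) {
    t->entries = NULL;
    t->count = 0;
    if (size_entry <= 0 || (unsigned long long)size_entry > XREF_MAX_OBJECTS)
        return -1; /* illegal /Size: reject the file instead of allocating */
    t->entries = calloc((size_t)size_entry, sizeof *t->entries);
    if (t->entries == NULL)
        return -1;
    t->count = (size_t)size_entry;
    return 0;
}

/* Store one entry decoded from a cross-reference stream. */
int xref_set(xref_table *t, uint64_t objnum, xref_entry e) {
    if (t->entries == NULL || objnum >= t->count)
        return -1; /* object number is not below the validated /Size */
    if (e.type == 2 && e.field2 >= t->count)
        return -1; /* the referenced object stream must also be in range */
    t->entries[objnum] = e;
    return 0;
}

void xref_free(xref_table *t) { free(t->entries); t->entries = NULL; t->count = 0; }

int main(void) {
    xref_table t;
    if (xref_init(&t, 4) != 0)             /* constructed /Size = 4 */
        return 1;
    xref_entry e = { 1, 17, 0 };           /* constructed in-use entry */
    int in_range = xref_set(&t, 3, e);     /* accepted */
    int out_of_range = xref_set(&t, 4, e); /* rejected: 4 >= /Size */
    xref_free(&t);
    return !(in_range == 0 && out_of_range == -1);
}
```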


Apply appropriate fix as mentioned in Foxit Advisory 

Vendor Information




CVE Name

