CVE-2020-11493

HIGH

Foxitsoftware Phantompdf < 9.7.2.29539 - Data Authenticity Bypass

Title source: rule

Description

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.

Exploits (1)

nomisec WORKING POC 1 stars
by fengjixuchui · poc
https://github.com/fengjixuchui/CVE-2020-11493

Scores

CVSS v3: 8.1
EPSS: 0.0008
EPSS Percentile: 22.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Details

CWE: CWE-345
Status: published
Products (2)
foxitsoftware/phantompdf < 9.7.2.29539
foxitsoftware/reader < 10.0.0.35798
Published: Sep 04, 2020
Tracked Since: Feb 18, 2026