CVE-2020-13548

HIGH

Foxit Reader 10.1.0.37527 - Use-After-Free via Crafted PDF Document

Title source: llm
STIX 2.1

Description

In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

References (1)

Core 1
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1166

Scores

CVSS v3 8.8
EPSS 0.2571
EPSS Percentile 96.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (1)
foxitsoftware/foxit_reader 10.1.0.37527
Published Feb 10, 2021
Tracked Since Feb 18, 2026