SB2020113011 - Input validation error in Foxit PhantomPDF Mac and Foxit Reader Mac




Published: November 30, 2020

Security Bulletin ID: SB2020113011
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium: 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Input validation error (CVE-ID: N/A)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the application fails to identify the objects in the incremental update when the Subtype entry of the Annotation dictionary is set to null. A remote attacker can perform the Evil Annotation Attack and cause the application to deliver incorrect validation results when validating certain certified PDF files whose visible content was significantly altered.
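
A triage check for the condition described above, as an added example that is not from this bulletin or from Foxit: it scans the bytes appended after the first %%EOF marker and flags annotation-like objects whose Subtype is null or missing. Assumptions: everything after the first %%EOF is treated as the incremental updates (a real validator would use the signature's ByteRange), compressed object streams are not handled, and the function name and sample PDF bytes are constructed for illustration.

```python
import re

# Constructed sample: one original revision, then one incremental update.
SAMPLE_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Type /Annot /Subtype /Widget /Rect [0 0 10 10] >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
    # --- incremental update appended after certification (constructed) ---
    b"7 0 obj\n<< /Type /Annot /Subtype null /Rect [0 0 600 800]"
    b" /AP << /N 8 0 R >> >>\nendobj\n"
    b"9 0 obj\n<< /Type /Annot /Subtype /Text /Rect [5 5 20 20] >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R /Prev 0 >>\n%%EOF\n"
)

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)\bendobj", re.S)
ANNOT_RE = re.compile(rb"/Type\s*/Annot\b")
SUBTYPE_NULL_RE = re.compile(rb"/Subtype\s+null\b")
SUBTYPE_NAME_RE = re.compile(rb"/Subtype\s*/\w+")


def find_suspicious_annotations(pdf: bytes):
    """Return [(object_number, reason)] for annotation-like objects in the
    incremental updates whose Subtype is null or absent."""
    first_eof = pdf.find(b"%%EOF")
    if first_eof < 0:
        return []
    # Assumption: everything after the first %%EOF is an incremental update.
    appended = pdf[first_eof + len(b"%%EOF"):]
    findings = []
    for match in OBJ_RE.finditer(appended):
        obj_num, body = int(match.group(1)), match.group(2)
        # Annotation-like: declared /Annot, or carries both /Rect and /AP.
        annot_like = ANNOT_RE.search(body) or (b"/Rect" in body and b"/AP" in body)
        if not annot_like:
            continue
        if SUBTYPE_NULL_RE.search(body):
            findings.append((obj_num, "Subtype is null"))
        elif not SUBTYPE_NAME_RE.search(body):
            findings.append((obj_num, "Subtype missing"))
    return findings


if __name__ == "__main__":
    for num, reason in find_suspicious_annotations(SAMPLE_PDF):
        print(f"object {num}: {reason}")
```

A hit is a reason to inspect the file and re-validate it in a patched reader; it is not a verdict on the certification itself.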


Remediation

Install the update from the vendor's website.