In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.
References
Link | Resource |
---|---|
https://www.foxitsoftware.com/support/security-bulletins.php | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-09-04T03:31:20
Updated: 2020-09-04T03:31:20
Reserved: 2020-04-02T00:00:00
Link: CVE-2020-11493
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-09-04T04:15:11.733
Modified: 2020-09-09T15:16:51.477
Link: CVE-2020-11493
JSON object: View
Redhat Information
No data.
CWE