CVE-2020-11493

MEDIUM

Description

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.

References

https://www.foxitsoftware.com/support/security-bulletins.php

Details

Source: MITRE

Published: 2020-09-04

Updated: 2020-09-09

Type: CWE-345

Risk Information

CVSS v2.0

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 8.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Impact Score: 5.2

Exploitability Score: 2.8

Severity: HIGH