vulnerability

Foxit Reader: Improper Check for Unusual or Exceptional Conditions (CVE-2020-35931)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Dec 31, 2020	Jan 11, 2021	Jan 11, 2021

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Dec 31, 2020

Added

Jan 11, 2021

Modified

Jan 11, 2021

Description

An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subtype entry of the Annotation dictionary, in an incremental update.

Solution

foxit-reader-upgrade-10_1_1

References

CVE-2020-35931
https://attackerkb.com/topics/CVE-2020-35931
URL-https://www.foxitsoftware.com/support/security-bulletins.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today