Vulnerabilities > CVE-2020-15637 - Use After Free vulnerability in Foxitsoftware Phantompdf

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

foxitsoftware

CWE-416

NVD

Published: 2020-08-20

Updated: 2020-08-24

Summary

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SetLocalDescription method. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-10972.

Vulnerable Configurations

Part	Description	Count
Application	Foxitsoftware Foxitsoftware Phantompdf 1.0.2 Foxitsoftware Phantompdf 2.0 Foxitsoftware Phantompdf 2.1 Foxitsoftware Phantompdf 2.1.1 Foxitsoftware Phantompdf 2.2 Foxitsoftware Phantompdf 2.2.1 Foxitsoftware Phantompdf 2.2.3 Foxitsoftware Phantompdf 3.0.1 Foxitsoftware Phantompdf 3.3 Foxitsoftware Phantompdf 3.4 Foxitsoftware Phantompdf 4.0 Foxitsoftware Phantompdf 4.1 Foxitsoftware Phantompdf 5.0.2 Foxitsoftware Phantompdf 5.0.2.0721 Foxitsoftware Phantompdf 5.0.3 Foxitsoftware Phantompdf 5.0.3.0811 Foxitsoftware Phantompdf 5.1 Foxitsoftware Phantompdf 5.1.1.1214 Foxitsoftware Phantompdf 5.1.2 Foxitsoftware Phantompdf 5.1.2.0305 Foxitsoftware Phantompdf 5.2 Foxitsoftware Phantompdf 5.2.0.0502 Foxitsoftware Phantompdf 5.2.1 Foxitsoftware Phantompdf 5.2.1.0615 Foxitsoftware Phantompdf 5.4 Foxitsoftware Phantompdf 5.4.0.0902 Foxitsoftware Phantompdf 5.4.2 Foxitsoftware Phantompdf 5.4.2.0918 Foxitsoftware Phantompdf 5.4.3 Foxitsoftware Phantompdf 5.4.3.1106 Foxitsoftware Phantompdf 6.0 Foxitsoftware Phantompdf 6.0.2.0413 Foxitsoftware Phantompdf 6.0.5 Foxitsoftware Phantompdf 6.0.5.0618 Foxitsoftware Phantompdf 6.0.7 Foxitsoftware Phantompdf 6.0.7.0806 Foxitsoftware Phantompdf 6.1 Foxitsoftware Phantompdf 6.1.1.1025 Foxitsoftware Phantompdf 6.1.2 Foxitsoftware Phantompdf 6.1.2.1227 Foxitsoftware Phantompdf 6.2 Foxitsoftware Phantompdf 6.2.0.0429 Foxitsoftware Phantompdf 6.2.1 Foxitsoftware Phantompdf 6.2.1.0168 Foxitsoftware Phantompdf 7.0 Foxitsoftware Phantompdf 7.0.3.916 Foxitsoftware Phantompdf 7.0.6 Foxitsoftware Phantompdf 7.0.6.1126 Foxitsoftware Phantompdf 7.1 Foxitsoftware Phantompdf 7.1.0.306 Foxitsoftware Phantompdf 7.1.3.320 Foxitsoftware Phantompdf 7.1.5 Foxitsoftware Phantompdf 7.1.5.425 Foxitsoftware Phantompdf 7.2 Foxitsoftware Phantompdf 7.2.0.0722 Foxitsoftware Phantompdf 7.2.0.722 Foxitsoftware Phantompdf 7.2.2 Foxitsoftware Phantompdf 7.2.2.0929 Foxitsoftware Phantompdf 7.3 Foxitsoftware Phantompdf 7.3.0.0118 Foxitsoftware Phantompdf 7.3.0.118 Foxitsoftware Phantompdf 7.3.4 Foxitsoftware Phantompdf 7.3.4.0311 Foxitsoftware Phantompdf 7.3.4.311 Foxitsoftware Phantompdf 7.3.9 Foxitsoftware Phantompdf 7.3.9.0816 Foxitsoftware Phantompdf 7.3.11 Foxitsoftware Phantompdf 7.3.11.1122 Foxitsoftware Phantompdf 7.3.13 Foxitsoftware Phantompdf 7.3.13.421 Foxitsoftware Phantompdf 7.3.15 Foxitsoftware Phantompdf 7.3.15.712 Foxitsoftware Phantompdf 7.3.17 Foxitsoftware Phantompdf 7.3.17.906 Foxitsoftware Phantompdf 8.0 Foxitsoftware Phantompdf 8.0.0.624 Foxitsoftware Phantompdf 8.0.2 Foxitsoftware Phantompdf 8.0.2.805 Foxitsoftware Phantompdf 8.1 Foxitsoftware Phantompdf 8.1.0.1013 Foxitsoftware Phantompdf 8.1.1 Foxitsoftware Phantompdf 8.1.1.1115 Foxitsoftware Phantompdf 8.2 Foxitsoftware Phantompdf 8.2.0.2192 Foxitsoftware Phantompdf 8.2.1 Foxitsoftware Phantompdf 8.2.1.6871 Foxitsoftware Phantompdf 8.3 Foxitsoftware Phantompdf 8.3.0.14878 Foxitsoftware Phantompdf 8.3.1 Foxitsoftware Phantompdf 8.3.1.21155 Foxitsoftware Phantompdf 8.3.2 Foxitsoftware Phantompdf 8.3.2.25013 Foxitsoftware Phantompdf 8.3.5 Foxitsoftware Phantompdf 8.3.5.30351 Foxitsoftware Phantompdf 8.3.6 Foxitsoftware Phantompdf 8.3.6.35572 Foxitsoftware Phantompdf 8.3.7 Foxitsoftware Phantompdf 8.3.7.38093 Foxitsoftware Phantompdf 8.3.8.39677 Foxitsoftware Phantompdf 8.3.9.41099 Foxitsoftware Phantompdf 8.3.10 Foxitsoftware Phantompdf 8.3.10.42705 Foxitsoftware Phantompdf 8.3.11 Foxitsoftware Phantompdf 8.3.11.45106 Foxitsoftware Phantompdf 8.3.12 Foxitsoftware Phantompdf 8.3.12.47136 Foxitsoftware Phantompdf 9.0 Foxitsoftware Phantompdf 9.0.0.29935 Foxitsoftware Phantompdf 9.0.1 Foxitsoftware Phantompdf 9.0.1.1049 Foxitsoftware Phantompdf 9.0.1.31049 Foxitsoftware Phantompdf 9.1 Foxitsoftware Phantompdf 9.1.0.5096 Foxitsoftware Phantompdf 9.2 Foxitsoftware Phantompdf 9.2.0.9297 Foxitsoftware Phantompdf 9.3 Foxitsoftware Phantompdf 9.3.0.10826 Foxitsoftware Phantompdf 9.4.0.16811 Foxitsoftware Phantompdf 9.4.1.16828 Foxitsoftware Phantompdf 9.5 Foxitsoftware Phantompdf 9.5.0.20723 Foxitsoftware Phantompdf 9.6 Foxitsoftware Phantompdf 9.6.0.25114 Foxitsoftware Phantompdf 9.7 Foxitsoftware Phantompdf 9.7.0.29435 Foxitsoftware Phantompdf 9.7.0.29478 Foxitsoftware Phantompdf 9.7.1 Foxitsoftware Phantompdf 9.7.1.29511 Foxitsoftware Phantompdf 9.7.2 Foxitsoftware Phantompdf 9.7.2.29539 Foxitsoftware Phantompdf 10.0.0.35798 Foxitsoftware Reader 2.2 Foxitsoftware Reader 2.3 Foxitsoftware Reader 2.4.4 Foxitsoftware Reader 3.0 Foxitsoftware Reader 3.1 Foxitsoftware Reader 3.1.0.0824 Foxitsoftware Reader 3.1.1.0901 Foxitsoftware Reader 3.1.2.1013 Foxitsoftware Reader 3.1.3.1030 Foxitsoftware Reader 3.2 Foxitsoftware Reader 3.2.1.0401 Foxitsoftware Reader 3.3 Foxitsoftware Reader 3.3.0 Foxitsoftware Reader 3.3.1 Foxitsoftware Reader 4.0 Foxitsoftware Reader 4.1.0 Foxitsoftware Reader 4.1.1 Foxitsoftware Reader 4.2.0 Foxitsoftware Reader 4.3.0 Foxitsoftware Reader 4.3.1.0218 Foxitsoftware Reader 5.0.1 Foxitsoftware Reader 5.0.2.01718 Foxitsoftware Reader 5.1.0 Foxitsoftware Reader 5.1.3 Foxitsoftware Reader 5.3.0 Foxitsoftware Reader 5.3.1 Foxitsoftware Reader 5.4.2 Foxitsoftware Reader 5.4.3 Foxitsoftware Reader 5.4.5 Foxitsoftware Reader 6.0.2 Foxitsoftware Reader 6.0.3 Foxitsoftware Reader 6.0.5 Foxitsoftware Reader 6.1 Foxitsoftware Reader 6.1.1 Foxitsoftware Reader 6.1.2 Foxitsoftware Reader 6.1.4 Foxitsoftware Reader 6.2.0 Foxitsoftware Reader 6.2.1 Foxitsoftware Reader 7.0.3 Foxitsoftware Reader 7.0.6 Foxitsoftware Reader 7.1.0 Foxitsoftware Reader 7.1.5 Foxitsoftware Reader 7.2.0 Foxitsoftware Reader 7.2.0.722 Foxitsoftware Reader 7.2.2 Foxitsoftware Reader 7.2.8 Foxitsoftware Reader 7.3.0 Foxitsoftware Reader 7.3.0.118 Foxitsoftware Reader 7.3.4 Foxitsoftware Reader 8.0.0 Foxitsoftware Reader 8.0.2 Foxitsoftware Reader 8.1.0 Foxitsoftware Reader 8.1.1 Foxitsoftware Reader 8.1.4 Foxitsoftware Reader 8.2.0 Foxitsoftware Reader 8.2.1 Foxitsoftware Reader 8.3.0 Foxitsoftware Reader 8.3.1 Foxitsoftware Reader 8.3.2 Foxitsoftware Reader 9.0.0 Foxitsoftware Reader 9.0.1 Foxitsoftware Reader 9.0.1.1049 Foxitsoftware Reader 9.1.0 Foxitsoftware Reader 9.1.0.5096 Foxitsoftware Reader 9.2 Foxitsoftware Reader 9.2.0 Foxitsoftware Reader 9.2.0.9297 Foxitsoftware Reader 9.3 Foxitsoftware Reader 9.3.0.10826 Foxitsoftware Reader 9.4.0.16811 Foxitsoftware Reader 9.4.1.16828 Foxitsoftware Reader 9.5 Foxitsoftware Reader 9.5.0.20723 Foxitsoftware Reader 9.6 Foxitsoftware Reader 9.6.0.25114 Foxitsoftware Reader 9.7 Foxitsoftware Reader 9.7.0.29435 Foxitsoftware Reader 9.7.0.29455 Foxitsoftware Reader 9.7.1 Foxitsoftware Reader 9.7.2 Foxitsoftware Reader 10.0.0.35798	213
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References