Vulnerabilities > CVE-2020-35931 - Improper Check for Unusual or Exceptional Conditions vulnerability in Foxitsoftware Foxit Reader

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
foxitsoftware
CWE-754
NVD
Published: 2020-12-31
Updated: 2021-09-08

Summary

An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subtype entry of the Annotation dictionary, in an incremental update.

Vulnerable Configurations

Part Description Count
Application
Foxitsoftware
269
OS
Microsoft
1
OS
Apple
1

Common Weakness Enumeration (CWE)

References