Vulnerabilities > CVE-2020-35931 - Improper Check for Unusual or Exceptional Conditions vulnerability in Foxitsoftware Foxit Reader

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
foxitsoftware
CWE-754
NVD
Published: 2020-12-31
Updated: 2021-09-08

Summary

An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subtype entry of the Annotation dictionary, in an incremental update.

Vulnerable Configurations

Part Description Count
Application
Foxitsoftware
269
OS
Microsoft
1
OS
Apple
1

Common Weakness Enumeration (CWE)

References