Severity Rating: MEDIUM
Software Affected
Foxit Reader 10.1.0.37527 and earlier
Foxit PhantomPDF 10.1.0.37527 and earlier
Overview
Multiple vulnerabilities has been reported in Foxit Reader and Foxit
Phantom PDF for windows where a null pointer access/dereference while
opening a crafted PDF file lead to application crash and DoS.
Description
The application could be exposed to Denial of Service vulnerability and
crash when opening certain PDF files that contained illegal value in the
/Size entry of the Trail dictionary. This occurs due to the array overflow
as the illegal value in the /Size entry causes an error in initializing the
array size for storing the compression object streams, and an object number
which is larger than the initialization value is used as the array index
while parsing the cross-reference streams.
Successful exploitation of this vulnerability could allow the attacker to
cause denial-of-service in Foxit Reader and Foxit Phantom PDF.
Solution
Apply appropriate fix as mentioned in Foxit Advisory
Vendor Information
Foxit
References
Foxit
CVE Name
CVE-2020-28203
About Cert Advisory
We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.