CVE-2020-13547
https://notcve.org/view.php?id=CVE-2020-13547
A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. Se presenta una vulnerabilidad de confusión de tipos en el motor JavaScript de Foxit PDF Reader de Foxit Software, versión 10.1.0.37527. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1165 • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2020-13570
https://notcve.org/view.php?id=CVE-2020-13570
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. Se presenta una vulnerabilidad de uso de la memoria previamente liberada en el motor JavaScript del PDF Reader de Foxit Software, versión 10.1.0.37527. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1181 • CWE-416: Use After Free •
CVE-2020-13560
https://notcve.org/view.php?id=CVE-2020-13560
A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. Se presenta una vulnerabilidad de uso de la memoria previamente liberada en el motor JavaScript de Foxit PDF Reader de Foxit Software, versión 10.1.0.37527. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1175 • CWE-416: Use After Free •
CVE-2020-13557
https://notcve.org/view.php?id=CVE-2020-13557
A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. Se presenta una vulnerabilidad de uso de la memoria previamente liberada en el motor JavaScript de Foxit PDF Reader de Foxit Software, versión 10.1.0.37527. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1171 • CWE-416: Use After Free •
CVE-2020-28203
https://notcve.org/view.php?id=CVE-2020-28203
An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier. There is a null pointer access/dereference while opening a crafted PDF file, leading the application to crash (denial of service). Se detectó un problema en Foxit Reader y PhantomPDF versiones10.1.0.37527 y anteriores. Se presenta un acceso y desreferenciación del puntero null al abrir un archivo PDF diseñado, conllevando a que la aplicación se bloquee (denegación de servicio) • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-476: NULL Pointer Dereference •