Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-35931
HistoryDec 31, 2020 - 9:15 p.m.

CVE-2020-35931

2020-12-3121:15:12
CWE-754
[email protected]
web.nvd.nist.gov
63
7
foxit reader
phantompdf
cve-2020-35931
evil annotation attack
pdf security
nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.5%

JSON

An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subtype entry of the Annotation dictionary, in an incremental update.

Affected configurations

NVD
Node
foxitsoftwarefoxit_readerRange<10.1.1
OR
foxitsoftwarephantompdfRange<9.7.5
OR
foxitsoftwarephantompdfRange10.0.0–10.1.1
AND
microsoftwindowsMatch-
Node
foxitsoftwarefoxit_readerRange<4.1.1
OR
foxitsoftwarephantompdfRange<4.1.1
AND
applemacosMatch-

Social References

More

Related

nessus 2
prion 1
nvd 1
cvelist 1
threatpost 1
thn 1
nessus
nessus
Foxit Reader < 4.1 PDF Spoofing (macOS)
2021-02-19 00:00:00
Foxit PhantomPDF < 4.1.3 PDF Spoofing (macOS)
2021-02-19 00:00:00
prion
prion
Code injection
2020-12-31 21:15:00
nvd
nvd
CVE-2020-35931
2020-12-31 21:15:12
cvelist
cvelist
CVE-2020-35931
2020-12-31 20:14:11
threatpost
threatpost
PDF Feature β€˜Certified’ Widely Vulnerable to Attack
2021-05-26 20:14:30
thn
thn
Researchers Demonstrate 2 New Hacks to Modify Certified PDF Documents
2021-05-29 08:34:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.5%

JSON
Related for CVE-2020-35931
nessus2prion1nvd1cvelist1threatpost1thn1