Lucene search
PRIOn knowledge basePRION:CVE-2020-35931HistoryDec 31, 2020 - 9:15 p.m.
Code injection
2020-12-3121:15:00
PRIOn knowledge base
www.prio-n.com
7
An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subtype entry of the Annotation dictionary, in an incremental update.
| CPE | Name | Operator | Version |
|---|---|---|---|
| foxit_reader | lt | 10.1.1 | |
| foxit_reader | lt | 4.1.1 | |
| phantompdf | lt | 9.7.5 | |
| phantompdf | ge | 10.0.0 | |
| phantompdf | lt | 10.1.1 | |
| phantompdf | lt | 4.1.1 |
Related
cve
cve
CVE-2020-35931
2020-12-31 21:15:12
nessus
nessus
Foxit Reader < 4.1 PDF Spoofing (macOS)
2021-02-19 00:00:00
Foxit PhantomPDF < 4.1.3 PDF Spoofing (macOS)
2021-02-19 00:00:00
nvd
nvd
CVE-2020-35931
2020-12-31 21:15:12
cvelist
cvelist
CVE-2020-35931
2020-12-31 20:14:11
threatpost
threatpost
PDF Feature βCertifiedβ Widely Vulnerable to Attack
2021-05-26 20:14:30
thn
thn
Researchers Demonstrate 2 New Hacks to Modify Certified PDF Documents
2021-05-29 08:34:00