Uninitialized Object Information Disclosure Vulnerability in Foxit Reader and PhantomPDF
CVE-2020-11493 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.
Learn more about our Web Application Penetration Testing UK.