Uninitialized Object Information Disclosure Vulnerability in Foxit Reader and PhantomPDF

Uninitialized Object Information Disclosure Vulnerability in Foxit Reader and PhantomPDF

CVE-2020-11493 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.

Learn more about our Web Application Penetration Testing UK.