A team of specialists from a cyber security audit company reported at least five flaws in Foxit Reader for Windows and Foxit PhantomPDF, two products from Foxit Software, one of the most popular PDF reader developers. The report indicates that exploiting these flaws would lead to out-of-bounds reads, buffer overflows, and other risk scenarios.
Below are brief overviews of the reported security flaws, along with their identifiers and their scores according to the Common Vulnerability Scoring System (CVSS).
CVE-2020-11493: Insufficient validation of user inputs when processing PDF files would allow remote threat actors to access sensitive data on the target system; all the attackers require is to create a specially designed XObject and trick the victim into opening it.
This is a medium-severity flaw that received a score of 4.7/10.
CVE-2020-12247: A boundary condition when processing PDF files would allow threat actors to gain access to victims’ confidential information by sending a specially crafted file.
The cyber security audit company’s specialists assigned this flaw a score of 2.7/10, so it is considered low severity.
CVE-2020-12248: A boundary error while processing corrupted image data within a PDF file would allow malicious hackers to trick users with a specially designed document, triggering memory corruption to execute arbitrary code on the target system.
This is a serious flaw that received a score of 7.7/10.
CVE-2020-15638: A type confusion error within the NodeProperties::InferReceiverMapsUnsafe method would allow a threat actor to execute arbitrary code on the target system.
According to the experts of the cyber security audit company, the remote attacker must create a specially designed PDF file to trigger the error and complete the attack. This is also a serious flaw, as it received a score of 7.7/10.
CVE-2020-15637: This vulnerability exists due to a use-after-free flaw in the SetLocalDescription method. Malicious hackers can create a specially designed PDF file to trigger the flaw, which could completely compromise the vulnerable system. The vulnerability received a score of 7.7/10, so it is considered high severity.
The products and versions affected by these vulnerabilities are as follows:
- Foxit Reader for Windows: 9.0, 9.0.0.29935, 9.0.1.1049, 9.1, 9.1.0.5096, 9.2, 9.2.0.9297, 9.3, 9.3.0.10826, 9.4, 9.4.0.16811, 9.4.1.16828, 9.5.0.20723, 9.6.0.25114, 9.7.0.29455, 9.7.1.29511, 9.7.2.29539, 10.0.0.35798
- Foxit PhantomPDF: 9.0, 9.0.0.29935, 9.0.1.1049, 9.0.1.31049, 9.1, 9.1.0.5096, 9.2, 9.2.0.9297, 9.3, 9.3.0.10826, 9.4, 9.4.0.16811, 9.4.1.16828, 9.5.0.20723, 9.6.0.25114, 9.7.0.29478, 9.7.1.29511, 9.7.2.29539, 10.0.0.35798
Although the flaws can be exploited by unauthenticated remote threat actors, specialists say no attempts at active exploitation have been detected. Foxit has already released the necessary fixes, so users will only need to verify the correct installation of the patches.