Vulnerability Description
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Foxitsoftware | Phantompdf | <= 9.7.2.29539 |
| Microsoft | Windows | - |
| Foxitsoftware | Reader | <= 10.0.0.35798 |
Related Weaknesses (CWE)
References
- https://www.foxitsoftware.com/support/security-bulletins.phpVendor Advisory
- https://www.foxitsoftware.com/support/security-bulletins.phpVendor Advisory
FAQ
What is CVE-2020-12248?
CVE-2020-12248 is a vulnerability with a CVSS score of 8.8 (HIGH). In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled.
How severe is CVE-2020-12248?
CVE-2020-12248 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-12248?
Check the references section above for vendor advisories and patch information. Affected products include: Foxitsoftware Phantompdf, Microsoft Windows, Foxitsoftware Reader.