CVE-2019-6756

Name of the Vulnerable Software and Affected Versions Foxit PhantomPDF version 9.4.0.16811

Description This issue allows remote attackers to disclose sensitive information on vulnerable installations. It requires user interaction, such as visiting a malicious page or opening a malicious file. The flaw exists within the parsing of HTML files due to the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this, potentially in conjunction with other issues, to execute code in the context of the current process.

Recommendations For Foxit PhantomPDF version 9.4.0.16811, consider disabling the HTML file parsing feature until a patch is available to prevent exploitation. Restrict access to potentially malicious HTML files to minimize the risk of information disclosure.