CVE-2020-13570

Name of the Vulnerable Software and Affected Versions Foxit Software’s PDF Reader version 10.1.0.37527 Foxit PhantomPDF (affected versions not specified)

Description A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader. A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

Recommendations For Foxit Software’s PDF Reader version 10.1.0.37527, consider disabling the JavaScript engine until a patch is available. For Foxit PhantomPDF, at the moment, there is no information about a newer version that contains a fix for this vulnerability.