CVE-2020-13548

Name of the Vulnerable Software and Affected Versions Foxit Reader version 10.1.0.37527 Foxit PhantomPDF (affected versions not specified)

Description The issue is related to the use of memory after it has been freed, which can be exploited by a remote attacker to execute arbitrary code. This can be triggered by opening a specially crafted PDF document. If the browser plugin extension is enabled, visiting a malicious site can also trigger the issue. An attacker needs to trick the user into opening the malicious file to exploit this issue.

Recommendations For Foxit Reader version 10.1.0.37527, update to a version that contains a fix for this issue. For Foxit PhantomPDF, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the browser plugin extension to minimize the risk of exploitation.