CVE-2020-10909

Name of the Vulnerable Software and Affected Versions Foxit PhantomPDF version 9.7.0.29478 Foxit Reader (affected versions not specified)

Description The issue is related to errors in data type conversion in the implementation of the AddWatermark command in Foxit Reader and Foxit PhantomPDF. This can be exploited by a remote attacker to execute arbitrary code, but user interaction is required, such as visiting a malicious page or opening a malicious file. The problem stems from the lack of proper validation of user-supplied data, leading to a type confusion condition. This allows an attacker to execute code in the context of the current process.

Recommendations For Foxit PhantomPDF version 9.7.0.29478, consider disabling the AddWatermark command until a patch is available. For Foxit Reader, at the moment, there is no information about a newer version that contains a fix for this vulnerability.