CVE-2019-20817
Description
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Foxit Reader and PhantomPDF before version 9.7 are vulnerable to a NULL pointer dereference that may lead to a denial-of-service condition.
Vulnerability
CVE-2019-20817 is a NULL pointer dereference vulnerability in Foxit Reader and PhantomPDF (now Foxit PDF Reader and Foxit PDF Editor) prior to version 9.7 [1]. The bug resides in an unspecified code path that triggers a NULL pointer access when processing a malformed PDF document. No special configuration beyond opening a crafted file is required to reach the vulnerable code.
Exploitation
An attacker can exploit this vulnerability by convincing a user to open a specially crafted PDF file in an affected version of Foxit Reader or PhantomPDF [1]. No authentication is required, and the file can be delivered via email, web download, or any other vector that gets a PDF to the target. Once the user opens the malicious file, the NULL pointer dereference occurs during parsing or rendering.
Impact
Successful exploitation results in a denial of service (application crash) due to the NULL pointer dereference [1]. The vulnerability does not appear to allow code execution; the impact is limited to causing the application to terminate unexpectedly, preventing legitimate use until the application is restarted.
Mitigation
Foxit addressed this issue in Foxit Reader and PhantomPDF version 9.7, released before the publication date of this CVE (2020-06-04) [1]. Users should update to version 9.7 or later to mitigate the vulnerability. No workarounds are documented; upgrading is the recommended action.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Foxit/Reader and PhantomPDF (source: description)
- Range: <9.7
References
- [1] www.foxitsoftware.com/support/security-bulletins.php (mitre, x_refsource_CONFIRM)