Unrated severityNVD Advisory· Published Dec 31, 2020· Updated Aug 4, 2024
CVE-2020-35931
CVE-2020-35931
Description
An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subtype entry of the Annotation dictionary, in an incremental update.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Foxit/Readerdescription
- Range: <9.7.5 and <10.1.1 (Windows) / <4.1.1 (macOS)
- Range: <10.1.1 (Windows) / <4.1.1 (macOS)
Patches
Vulnerability mechanics
References
1- www.foxitsoftware.com/support/security-bulletins.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.