CVE-2020-26535

CRITICAL

9.8

Description

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation (and read access violation).

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published10/2/2020

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

foxitsoftware:foxit_readerfoxitsoftware:phantompdf

Weaknesses (CWE)

CWE-787

References

https://www.foxitsoftware.com/support/security-bulletins.html(cve@mitre.org)

https://www.foxitsoftware.com/support/security-bulletins.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.