Skip to main content

Pdf Reader CVE-2020-35990

MEDIUM
Classic Buffer Overflow (CWE-120)
2023-08-11 cve@mitre.org
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 11, 2023 - 14:15 nvd
MEDIUM 5.5

DescriptionNVD

Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file.

AnalysisAI

Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file. Affected products include: Foxit Pdf Reader. Version information: version 10.1.0.37527.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.

CVE-2024-49576 HIGH POC
8.8 Dec 18

A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. Rated

CVE-2024-47810 HIGH POC
8.8 Dec 18

A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. Rated high severi

CVE-2024-28888 HIGH POC
8.8 Oct 02

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. Rated high

CVE-2024-25938 HIGH POC
8.8 Apr 30

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. Rated high severi

CVE-2024-25648 HIGH POC
8.8 Apr 30

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. Rated high sever

CVE-2024-25575 HIGH POC
8.8 Apr 30

A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. Rated

CVE-2023-33876 HIGH POC
8.8 Jul 19

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. Rated high se

CVE-2023-33866 HIGH POC
8.8 Jul 19

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. Rat

CVE-2023-28744 HIGH POC
8.8 Jul 19

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. Rat

CVE-2023-27379 HIGH POC
8.8 Jul 19

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. Rat

CVE-2021-21893 HIGH POC
8.8 Aug 05

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.0.0.49893. Rat

CVE-2021-21870 HIGH POC
8.8 Aug 05

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.4.37651. Rat

Share

CVE-2020-35990 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy