An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subtype entry of the Annotation dictionary, in an incremental update.
History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-12-31T20:14:11

Updated: 2024-08-04T17:16:13.435Z

Reserved: 2020-12-31T00:00:00

Link: CVE-2020-35931

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2020-12-31T21:15:12.253

Modified: 2021-09-08T17:22:55.170

Link: CVE-2020-35931

Redhat

No data.