An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subtype entry of the Annotation dictionary, in an incremental update.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-12-31T20:14:11
Updated: 2024-08-04T17:16:13.435Z
Reserved: 2020-12-31T00:00:00
Link: CVE-2020-35931
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-12-31T21:15:12.253
Modified: 2024-11-21T05:28:32.400
Link: CVE-2020-35931
Redhat
No data.