CVE-2020-13548: Use After Free
First published: Wed Feb 10 2021(Updated: )
In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Foxitsoftware Foxit Reader | =10.1.0.37527 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-13548?
CVE-2020-13548 is a vulnerability in Foxit Reader 10.1.0.37527 that allows arbitrary code execution by triggering the reuse of previously free memory.
How can this vulnerability be exploited?
An attacker needs to trick the user into opening a specially crafted PDF document in Foxit Reader 10.1.0.37527 to trigger the vulnerability.
What is the severity of CVE-2020-13548?
The severity of CVE-2020-13548 is high with a CVSS score of 8.8.
How can I fix CVE-2020-13548?
Update Foxit Reader to version 10.1.1 or later to mitigate CVE-2020-13548.
Where can I find more information about CVE-2020-13548?
You can find more information about CVE-2020-13548 at the following link: [https://talosintelligence.com/vulnerability_reports/TALOS-2020-1166](https://talosintelligence.com/vulnerability_reports/TALOS-2020-1166)
- collector/nvd-index
- vendor/foxitsoftware
- canonical/foxitsoftware foxit reader
- version/foxitsoftware foxit reader/10.1.0.37527