CVE-2020-13557: Use After Free
First published: Tue Dec 22 2020(Updated: )
A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Foxitsoftware Foxit Reader | =10.1.0.37527 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-13557?
CVE-2020-13557 is a use after free vulnerability that exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 10.1.0.37527.
How does CVE-2020-13557 work?
CVE-2020-13557 can be triggered by a specially crafted PDF document, which can cause previously free memory to be reused, potentially leading to arbitrary code execution.
Which version of Foxit PDF Reader is affected by CVE-2020-13557?
Foxit PDF Reader version 10.1.0.37527 is affected by CVE-2020-13557.
What is the severity of CVE-2020-13557?
CVE-2020-13557 has a severity rating of 8.8 (high).
How can I fix CVE-2020-13557?
To fix CVE-2020-13557, update your Foxit PDF Reader to a version that is not affected by this vulnerability.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/foxitsoftware
- canonical/foxitsoftware foxit reader
- version/foxitsoftware foxit reader/10.1.0.37527