CVE-2020-13560: Use After Free
First published: Tue Dec 22 2020(Updated: )
A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Foxitsoftware Foxit Reader | =10.1.0.37527 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-13560?
CVE-2020-13560 is a use after free vulnerability in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 10.1.0.37527.
How does CVE-2020-13560 work?
CVE-2020-13560 can be triggered by a specially crafted PDF document that leads to reuse of previously freed memory, potentially resulting in arbitrary code execution.
What is the severity of CVE-2020-13560?
CVE-2020-13560 has a severity rating of 8.8 (high).
How can I fix CVE-2020-13560?
To fix CVE-2020-13560, update your Foxit PDF Reader to version 10.1.0.37527 or above.
Where can I find more information about CVE-2020-13560?
You can find more information about CVE-2020-13560 in the following link: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1175.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/foxitsoftware
- canonical/foxitsoftware foxit reader
- version/foxitsoftware foxit reader/10.1.0.37527