CVE-2020-13570: Use After Free
First published: Tue Dec 22 2020(Updated: )
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Foxitsoftware Foxit Reader | =10.1.0.37527 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-13570.
What is the severity of CVE-2020-13570?
CVE-2020-13570 has a severity level of 8.8 (high).
Which software version is affected by CVE-2020-13570?
Foxit Software's PDF Reader version 10.1.0.37527 is affected by CVE-2020-13570.
How can CVE-2020-13570 be exploited?
CVE-2020-13570 can be exploited by tricking the user into opening a malicious PDF document.
Is there a fix available for CVE-2020-13570?
Yes, Foxit Software has released a fixed version to address CVE-2020-13570. It is recommended to update to the latest version of Foxit Reader to mitigate the vulnerability.
- collector/nvd-index
- agent/event
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/foxitsoftware
- canonical/foxitsoftware foxit reader
- version/foxitsoftware foxit reader/10.1.0.37527