An issue exists in Foxit Reader prior to 10.1.1 (and prior to 4.1.1 on macOS) and PhantomPDF prior to 9.7.5 and 10.x prior to 10.1.1 (and prior to 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for the Subtype entry of an Annotation dictionary in an incremental update.

Vulnerable Product |
---|
foxitsoftware foxit_reader |
foxitsoftware phantompdf |
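
The condition described above can be checked for when triaging a PDF. The following is an added example, not code from Foxit or from the advisory: it scans the incremental updates of a file for annotation-like objects whose `/Subtype` is absent, `null`, or not a name. Assumptions: objects are stored uncompressed (no object streams), every `%%EOF` ends a revision, an object is treated as an annotation when it carries `/Type /Annot` or `/Rect`, and the function name and sample bytes are constructed for illustration.

```python
import re

# Constructed sample: a base revision followed by one incremental update.
# Not a complete PDF; just enough object syntax for the scanner below.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj\n<< /Type /Annot /Subtype /Widget /Rect [0 0 10 10] >>\nendobj\n"
    b"%%EOF\n"
    b"7 0 obj\n<< /Type /Annot /Subtype null /Rect [0 0 500 700] >>\nendobj\n"
    b"8 0 obj\n<< /Type /Annot /Rect [0 0 500 700] /Contents (x) >>\nendobj\n"
    b"9 0 obj\n<< /Type /Annot /Subtype /Text /Rect [5 5 20 20] >>\nendobj\n"
    b"%%EOF\n"
)

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
ANNOT_RE = re.compile(rb"/Type\s*/Annot\b|/Rect\b")        # heuristic (assumption)
SUBTYPE_RE = re.compile(rb"/Subtype\s*(/[A-Za-z0-9#]+|null\b)?")


def suspicious_annotations(pdf: bytes):
    """Return (revision, object number, reason) for annotation-like objects
    in incremental updates whose /Subtype is absent, null or not a name."""
    findings = []
    revisions = pdf.split(b"%%EOF")
    # revisions[0] is the originally saved document; later chunks are updates.
    for rev, chunk in enumerate(revisions[1:], start=1):
        for m in OBJ_RE.finditer(chunk):
            body = m.group(3)
            if not ANNOT_RE.search(body):
                continue
            st = SUBTYPE_RE.search(body)
            if st is None:
                reason = "missing"
            elif st.group(1) is None:
                reason = "not a name"      # e.g. an indirect reference
            elif st.group(1) == b"null":
                reason = "null"
            else:
                continue                   # ordinary named subtype
            findings.append((rev, int(m.group(1)), reason))
    return findings


if __name__ == "__main__":
    for rev, num, reason in suspicious_annotations(SAMPLE):
        print(f"update {rev}: object {num} has /Subtype {reason}")
```

A hit marks an object for manual review in a certified document; on files that use object streams the updates must be decompressed with a PDF library before this scan sees them.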