Home

CVE-2020-28203

Description

An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier. There is a null pointer access/dereference while opening a crafted PDF file, leading the application to crash (denial of service).

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.022

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities fixed in Foxit Reader (ML) (10.1.1.37576)Windows
Multiple vulnerabilities fixed in Foxit Reader (10.1.1.37576)Windows
Multiple vulnerabilities fixed in Foxit Reader Enterprise (ML) (10.1.1.37576)Windows
Multiple vulnerabilities fixed in Foxit Reader Enterprise (10.1.1.37576)Windows
Multiple vulnerabilities fixed in Foxit PhantomPDF 10 (ML) (EXE) (10.1.1.37576)Windows
Multiple vulnerabilities fixed in Foxit PhantomPDF 10 (ML) (MSI) (10.1.1.37576)Windows
Multiple vulnerabilities fixed in Foxit PhantomPDF 10 (EXE) (10.1.1.37576)Windows
Multiple vulnerabilities fixed in Foxit PhantomPDF 10 (MSI) (10.1.1.37576)Windows
Multiple vulnerabilities are fixed in Foxit Reader (10.1.3.37598)Windows
Multiple vulnerabilities are fixed in Foxit Reader (ML) (10.1.3.37598)Windows
Multiple vulnerabilities are fixed in Foxit Reader Enterprise (10.1.3.37598)Windows
Multiple vulnerabilities are fixed in Foxit Reader Enterprise (ML) (10.1.3.37598)Windows
Multiple vulnerabilities are fixed in Foxit Reader (10.1.1.37576)Windows
Multiple vulnerabilities are fixed in Foxit PhantomPDF 10 (EXE) (10.1.3.37598)Windows
Multiple vulnerabilities are fixed in Foxit PhantomPDF 10 (MSI) (10.1.3.37598)Windows
Multiple vulnerabilities are fixed in Foxit PhantomPDF 10 (ML) (EXE) (10.1.3.37598)Windows
Multiple vulnerabilities are fixed in Foxit PhantomPDF 10 (ML) (MSI) (10.1.3.37598)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-317443Foxit Reader (ML) (10.1.1.37576)
PATCH-317442Foxit Reader (10.1.1.37576)
PATCH-317445Foxit Reader Enterprise (ML) (10.1.1.37576)
PATCH-317444Foxit Reader Enterprise (10.1.1.37576)
PATCH-317417Foxit PhantomPDF 10 (ML) (EXE) (10.1.1.37576)
PATCH-317435Foxit PhantomPDF 10 (ML) (MSI) (10.1.1.37576)
PATCH-317416Foxit PhantomPDF 10 (EXE) (10.1.1.37576)
PATCH-317418Foxit PhantomPDF 10 (MSI) (10.1.1.37576)
PATCH-347386Foxit Reader (2025.1.0.27937)
PATCH-351917Foxit Reader (ML) (2025.2.1.33197)
PATCH-347385Foxit PDF Reader (MSI) (2025.1.0.27937)
PATCH-351864Foxit PDF Reader (ML) (MSI) (2025.2.0.33046)
PATCH-347386Foxit Reader (2025.1.0.27937)
PATCH-331212Foxit PhantomPDF 10 (EXE) (10.1.12.37872)
PATCH-331215Foxit PhantomPDF 10 (MSI) (10.1.12.37872)
PATCH-331213Foxit PhantomPDF 10 (ML) (EXE) (10.1.12.37872)
PATCH-331214Foxit PhantomPDF 10 (ML) (MSI) (10.1.12.37872)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234