CVE-2020-26540

An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection (or an information leak) can occur.

Published: Oct 2, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-26540
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-347

Affected Software
References

Software	From	Fixed in
foxitsoftware / foxit_reader	-	4.1
foxitsoftware / phantompdf	-	4.1

https://www.foxitsoftware.com/support/security-bulletins.html

Vulnerability Database

289,697

CVE-2020-26540