Foxit Reader 10.0.1 update addresses address potential security and stability issues.

Security vulnerabilities have been fixed as well as stability issues.

Please find details regarding the fixed vulnerabilities below:

  1. Addressed a potential issue where the application could be exposed to Uninitialized Object Information Disclosure vulnerability and crash. This occurs as the application directly transforms the PDF Object as PDF Stream for further actions without proper validation when verifying the information in a crafted XObject (CVE-2020-11493).

  2. Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash. This occurs due to the application mistakenly uses the index of the original text string to recognize links after the original text string is divided into two pieces during text string layout (CVE-2020-12247).

  3. Addressed a potential issue where the application could be exposed to Use-After-Free Information Disclosure vulnerability and crash due to the access of illegal memory when loading certain webpage (CVE-2020-15637).

  4. Addressed a potential issue where the application could be exposed to Heap Buffer Overflow Remote Code Execution vulnerability and crash. This occurs due to the application fails to execute a fault-tolerance mechanism when processing the dirty data in the image resources (CVE-2020-12248).

  5. Addressed a potential issue where the application could be exposed to Type Confusion Remote Code Execution vulnerability and crash due to the access of array whose length is larger than its initial length (CVE-2020-15638).

Read more in the security bulletin.

Update your Foxit applications to the latest versions via the Help tab of Foxit Reader or Foxit PhantomPDF, click on Check for Updates and update to the latest version.


Foxit Reader on UpdateStar | Download

Foxit PhantomPDF on UpdateStar | Download

about author