What is CVE-2020-13548?

CVE-2020-13548 is a high-severity vulnerability in Foxit, classified under Use After Free. CVSS score: 8.0/10. Published 2021-02-10.

How severe is CVE-2020-13548?

High severity. CVSS v3 base score is 8.0 out of 10.

Is CVE-2020-13548 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Use After Free in Foxit

CVE-2020-13548

In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerabi…

Vulnerability class: Use-After-Free

EPSS: 0.667 (99.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.0 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.

Affected products

N/a Foxit — versions Foxit Reader Version: 10.1.0.37527

Weakness classification (CWE)

CWE-416 — Use After Free

Public proof-of-concept exploits

References

talosintelligence.com/vulnerability_reports/TALOS-2020-1166 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-13548?: CVE-2020-13548 is a high-severity vulnerability in Foxit, classified under Use After Free. CVSS score: 8.0/10. Published 2021-02-10.
How severe is CVE-2020-13548?: High severity. CVSS v3 base score is 8.0 out of 10.
Is CVE-2020-13548 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.