How severe is CVE-2020-10912?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2020-10912?

This is classified as CWE-843, which is a common weakness in software security.

CVE-2020-10912 - HIGH Severity | CVSS 7.8

Vulnerability Description

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the SetFieldValue command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9945.

Related Vulnerabilities

CVE-2010-0258

HIGH

CVSS:7.8(High)

Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack fo...

CWE-8432010

CVE-2017-13220

HIGH

CVSS:7.8(High)

An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053.

CWE-8432017

CVE-2017-15860

HIGH

CVSS:7.8(High)

In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur.

CWE-8432017

CVE-2017-16745

HIGH

CVSS:7.8(High)

A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type ('type confusion') vuln...

CWE-8432017

CVE-2017-8291

HIGH

CVSS:7.8(High)

Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an inp...

CWE-8432017

CVE-2018-19027

HIGH

CVSS:7.8(High)

Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project fil...

CWE-8432018