Information Disclosure Vulnerability in Foxit Reader and PhantomPDF by Foxit Software
CVE-2021-33794

9.1CRITICAL

Key Information:

Vendor: Foxit
Status: Foxit Reader; PhantomPDF
Vendor: CVE Published:; 11 August 2021

Summary

Foxit Reader and PhantomPDF prior to version 10.1.4 are susceptible to an information disclosure vulnerability that can be triggered during XFA form interactions. The issue arises from improper handling of the Tab key, which may lead to data exposure or application crashes, posing risks to user data integrity and overall application stability.

References

https://www.foxitsoftware.com/support/security-bulletins....

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 11, 2021
Vulnerability Reserved
Jun 1, 2021