Stack Consumption Vulnerability in Foxit Reader and PhantomPDF
CVE-2021-38569

7.5HIGH

Key Information:

Vendor: Foxit
Status: Foxit Reader; PhantomPDF
Vendor: CVE Published:; 11 August 2021

Summary

A vulnerability exists in Foxit Reader and PhantomPDF, prior to version 10.1.4, that allows for stack consumption due to recursive function calls. This issue can arise when processing XFA forms or link objects, potentially leading to denial of service conditions. Users are advised to update to the latest version to mitigate the risks associated with this vulnerability.

References

https://www.foxitsoftware.com/support/security-bulletins.php

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 11, 2021
Vulnerability Reserved
Aug 11, 2021