Stack Consumption Vulnerability in Foxit Reader and PhantomPDF
CVE-2021-38569

7.5HIGH

Key Information:

Vendor
Foxit
Vendor
CVE Published:
11 August 2021

Summary

A vulnerability exists in Foxit Reader and PhantomPDF, prior to version 10.1.4, that allows for stack consumption due to recursive function calls. This issue can arise when processing XFA forms or link objects, potentially leading to denial of service conditions. Users are advised to update to the latest version to mitigate the risks associated with this vulnerability.

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.