File Manipulation Vulnerability in Foxit PDF Reader and Editor
CVE-2021-40326

5.5MEDIUM

Key Information:

Vendor: Foxit
Status: PDF Editor; PDF Reader; PhantomPDF
Vendor: CVE Published:; 29 August 2022

Summary

The vulnerability in Foxit PDF Reader, PDF Editor, and PhantomPDF involves improper handling of hidden and incremental data in digitally signed documents. This issue allows attackers to potentially write to arbitrary files and manipulate the content displayed during the signature verification process, thereby posing a risk to the integrity and authenticity of signed documents.

References

https://www.foxit.com/support/security-bulletins.html

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 29, 2022
Vulnerability Reserved
Aug 30, 2021