Use-After-Free Vulnerability in Foxit PDF Reader and Editor
CVE-2021-41783

7.8 HIGH

Key Information:

Vendor: Foxit
CVE Published: 29 August 2022

Summary

A use-after-free vulnerability exists in Foxit PDF Reader, PDF Editor, and PhantomPDF due to improper handling of JavaScript. An attacker can exploit this flaw to execute arbitrary code, compromising the integrity of systems running affected versions. Users are encouraged to upgrade to the latest versions to mitigate the risks associated with this vulnerability.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
