Cross-reference Information Mishandling in Foxit PDF Products
CVE-2022-25641

5.5MEDIUM

Key Information:

Vendor: Foxit
Status: PDF Editor; PDF Reader; PhantomPDF
Vendor: CVE Published:; 29 August 2022

Summary

A flaw in Foxit PDF Reader, PDF Editor, and PhantomPDF affects how cross-reference information is processed during compressed-object parsing in signed documents. As a result, attackers may exploit this vulnerability through Incremental Saving and Shadow Attacks, leading to the delivery of incorrect signature information. These vulnerabilities can compromise the integrity of signed documents, necessitating immediate attention from users and administrators to prevent potential misuse.

References

https://www.foxit.com/support/security-bulletins.html

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 29, 2022
Vulnerability Reserved
Feb 22, 2022