CVE-2021-21822

CWE-416Use After Free3 documents3 sources
Severity
8.8HIGH
EPSS
19.8%
top 4.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Foxitsoftware Foxit Reader
Timeline
PublishedMay 10
Latest updateMay 24

Description

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening a malicious file or site to trigger this vulnerability if the browser plugin extension is enabled.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDfoxitsoftware/foxit_reader10.1.3.37598
CVEListV5foxitFoxit Reader 10.1.3.37598

🔴Vulnerability Details

2
GHSA
GHSA-v89w-v9jm-g4f3: A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 102022-05-24
CVEList
CVE-2021-21822: A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 102021-05-10
CVE-2021-21822 (HIGH CVSS 8.8) | A use-after-free vulnerability exis | cvebase.io