CVE-2021-38563: Improper Validation of Array Index in PDF Reader

Severity
9.8 CRITICAL (NVD)
EPSS
0.0%
top 93.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 11
Latest update: May 24

Description

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It mishandles situations in which an array size (derived from a /Size entry) is smaller than the maximum indirect object number, and thus there is an attempted incorrect array access (leading to a NULL pointer dereference, or out-of-bounds read or write).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

NVD: foxit/pdf_reader 11.0.0.0510
NVD: foxitsoftware/pdf_editor 11.0.0.0510

Vulnerability Details (2)

GHSA
GHSA-w5rc-cq4p-9j77: An issue was discovered in Foxit PDF Reader before 11 (2022-05-24)
CVEList
CVE-2021-38563: An issue was discovered in Foxit PDF Reader before 11 (2021-08-11)