CVE-2021-38570 — Link Following in Foxit Reader

CWE-59 — Link Following6 documents4 sources

Severity

9.1CRITICALNVD

EPSS

0.0%

top 88.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Foxitsoftware Foxit Reader Foxitsoftware Phantompdf

Timeline

PublishedAug 11

Latest updateOct 10

Description

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

▶NVDfoxitsoftware/phantompdf< 10.1.4

▶NVDfoxitsoftware/foxit_reader< 10.1.4

🔴Vulnerability Details

OSV

linux-raspi-5.4 vulnerabilities↗2024-10-10

▶

OSV

linux-raspi vulnerabilities↗2024-10-01

▶

OSV

linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.↗2024-09-18

▶

GHSA

GHSA-jc8j-6hpq-92wx: An issue was discovered in Foxit Reader and PhantomPDF before 10↗2022-05-24

▶

CVEList

CVE-2021-38570: An issue was discovered in Foxit Reader and PhantomPDF before 10↗2021-08-11

▶