CVE-2021-38570
published 2021-08-11CVE-2021-38570: An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink.
critical9.1CVSS 3.1
AVNACLPRNUINSUCNIHAH
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| foxitsoftware | foxit_reader | < 10.1.4 | 10.1.4 |
| foxitsoftware | phantompdf | < 10.1.4 | 10.1.4 |
| linux | linux_kernel | >= 0 < 5.4.0-196.216 | 5.4.0-196.216 |
CVSS provenance
nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
osv5.5MEDIUM