CVE-2021-38572
published 2021-08-11CVE-2021-38572: An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because the extractPages pathname is not validated.
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because the extractPages pathname is not validated.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| foxitsoftware | foxit_reader | < 10.1.4 | 10.1.4 |
| foxitsoftware | phantompdf | < 10.1.4 | 10.1.4 |