CVE-2021-38573
published 2021-08-11CVE-2021-38573: An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because a CombineFiles pathname is not validated.
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because a CombineFiles pathname is not validated.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| foxitsoftware | foxit_reader | < 10.1.4 | 10.1.4 |
| foxitsoftware | phantompdf | < 10.1.4 | 10.1.4 |