CVE-2021-41780

CWE-416Use After Free3 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 70.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Foxit PDF EditorFoxit PDF ReaderFoxit Phantompdf
Timeline
PublishedAug 29

Description

Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDfoxit/pdf_editor11.011.1
NVDfoxit/pdf_reader11.011.1
NVDfoxit/phantompdf< 10.1.6

🔴Vulnerability Details

2
CVEList
CVE-2021-41780: Foxit PDF Reader before 112022-08-29
GHSA
GHSA-3v83-pcq5-44vq: Foxit PDF Reader before 112022-08-29
CVE-2021-41780 (HIGH CVSS 7.8) | Foxit PDF Reader before 11.1 and PD | cvebase.io