CVE-2021-41785Use After Free in PDF Editor

CWE-416Use After Free3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 70.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Foxit PDF EditorFoxit PDF ReaderFoxit Phantompdf
Timeline
PublishedAug 29

Description

Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDfoxit/pdf_editor11.011.1
NVDfoxit/pdf_reader11.011.1
NVDfoxit/phantompdf< 10.1.6

🔴Vulnerability Details

2
CVEList
CVE-2021-41785: Foxit PDF Reader before 112022-08-29
GHSA
GHSA-p3v9-343w-55m9: Foxit PDF Reader before 112022-08-29
CVE-2021-41785 — Use After Free in Foxit PDF Editor | cvebase