CVE-2022-25641

3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 80.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Foxit PDF Editor Foxit PDF Reader Foxit Phantompdf

Timeline

PublishedAug 29

Description

Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDfoxit/pdf_editor11.0 — 11.2.2

▶NVDfoxit/pdf_reader11.0 — 11.2.2

▶NVDfoxit/phantompdf< 10.1.8

🔴Vulnerability Details

CVEList

CVE-2022-25641: Foxit PDF Reader before 11↗2022-08-29

▶

GHSA

GHSA-375g-mf6c-ppr8: Foxit PDF Reader before 11↗2022-08-29

▶