CVE-2022-25641
published 2022-08-29CVE-2022-25641: Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object…
medium5.5CVSS 3.1
AVLACLPRNUIRSUCNIHAN
Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| foxit | pdf_editor | >= 11.0 < 11.2.2 | 11.2.2 |
| foxit | pdf_reader | >= 11.0 < 11.2.2 | 11.2.2 |
| foxit | phantompdf | < 10.1.8 | 10.1.8 |