Search criteria
74 vulnerabilities found for PDF Editor by Foxit
CERTFR-2025-AVI-0824
Vulnerability from certfr_avis - Published: 2025-09-26 - Updated: 2025-09-26
De multiples vulnérabilités ont été découvertes dans les produits Foxit. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Foxit | PDF Editor | PDF Editor versions 2023.x antérieures à 2023.3.0.63083 pour Mac | ||
| Foxit | PDF Editor | PDF Editor versions 2025.x antérieures à 2025.2.0.33046 pour Windows | ||
| Foxit | PDF Reader | PDF Reader versions antérieures à 2025.2.0.68868 pour Mac | ||
| Foxit | PDF Editor | PDF Editor versions 2023.x antérieures à 2023.3.0.23028 pour Windows | ||
| Foxit | PDF Editor | PDF Editor versions antérieures à 14.0.0.68868 pour Mac | ||
| Foxit | PDF Editor | PDF Editor versions 2025.x antérieures à 2025.2.0.68868 pour Mac | ||
| Foxit | PDF Editor | PDF Editor versions antérieures à 14.0.0.33046 pour Windows | ||
| Foxit | PDF Editor | PDF Editor versions 2024.x antérieures à 2024.4.1.27687 pour Windows | ||
| Foxit | PDF Reader | PDF Reader versions antérieures à 2025.2.0.33046 pour Windows | ||
| Foxit | PDF Editor | PDF Editor versions 2024.x antérieures à 2024.4.1.66479 pour Mac |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PDF Editor versions 2023.x ant\u00e9rieures \u00e0 2023.3.0.63083 pour Mac",
"product": {
"name": "PDF Editor",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "PDF Editor versions 2025.x ant\u00e9rieures \u00e0 2025.2.0.33046 pour Windows",
"product": {
"name": "PDF Editor",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "PDF Reader versions ant\u00e9rieures \u00e0 2025.2.0.68868 pour Mac",
"product": {
"name": "PDF Reader",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "PDF Editor versions 2023.x ant\u00e9rieures \u00e0 2023.3.0.23028 pour Windows",
"product": {
"name": "PDF Editor",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "PDF Editor versions ant\u00e9rieures \u00e0 14.0.0.68868 pour Mac",
"product": {
"name": "PDF Editor",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "PDF Editor versions 2025.x ant\u00e9rieures \u00e0 2025.2.0.68868 pour Mac",
"product": {
"name": "PDF Editor",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "PDF Editor versions ant\u00e9rieures \u00e0 14.0.0.33046 pour Windows",
"product": {
"name": "PDF Editor",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "PDF Editor versions 2024.x ant\u00e9rieures \u00e0 2024.4.1.27687 pour Windows",
"product": {
"name": "PDF Editor",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "PDF Reader versions ant\u00e9rieures \u00e0 2025.2.0.33046 pour Windows",
"product": {
"name": "PDF Reader",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "PDF Editor versions 2024.x ant\u00e9rieures \u00e0 2024.4.1.66479 pour Mac",
"product": {
"name": "PDF Editor",
"vendor": {
"name": "Foxit",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-59802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59802"
},
{
"name": "CVE-2025-59803",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59803"
}
],
"initial_release_date": "2025-09-26T00:00:00",
"last_revision_date": "2025-09-26T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0824",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Foxit. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits FoxIT",
"vendor_advisories": [
{
"published_at": "2025-09-25",
"title": "Bulletin de s\u00e9curit\u00e9 FoxIT security-bulletins.php",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
CERTFR-2025-AVI-0680
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits FoxIT. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Foxit | PDF Editor | PDF Editor versions antérieures à 2025.2/14.0/13.2 pour Mac | ||
| Foxit | PDF Editor | PDF Editor versions antérieures à 2025.2 | ||
| Foxit | PDF Reader | PDF Reader versions antérieures à 2025.2 pour Mac | ||
| Foxit | PDF Reader | PDF Reader versions antérieures à 2025.2 | ||
| Foxit | PDF Editor | PDF Editor versions antérieures à 14.0/13.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PDF Editor versions ant\u00e9rieures \u00e0 2025.2/14.0/13.2 pour Mac",
"product": {
"name": "PDF Editor",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "PDF Editor versions ant\u00e9rieures \u00e0 2025.2",
"product": {
"name": "PDF Editor",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "PDF Reader versions ant\u00e9rieures \u00e0 2025.2 pour Mac",
"product": {
"name": "PDF Reader",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "PDF Reader versions ant\u00e9rieures \u00e0 2025.2",
"product": {
"name": "PDF Reader",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "PDF Editor versions ant\u00e9rieures \u00e0 14.0/13.2",
"product": {
"name": "PDF Editor",
"vendor": {
"name": "Foxit",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-32451",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32451"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0680",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits FoxIT. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits FoxIT",
"vendor_advisories": [
{
"published_at": "2025-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 FoxIT",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
CERTFR-2024-AVI-1088
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Foxit. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Foxit | PDF Editor | PDF Editor versions 12.x antérieures à 12.1.7 pour macOS | ||
| Foxit | PDF Editor | PDF Editor versions 12.x antérieures à 12.1.9 pour Windows | ||
| Foxit | PDF Editor | PDF Editor versions 11.x antérieures à 11.1.11 pour macOS | ||
| Foxit | PDF Reader | PDF Reader versions antérieures à 2024.4 pour macOS et Windows | ||
| Foxit | PDF Editor | PDF Editor versions antérieures à 2024.4 pour Windows | ||
| Foxit | PDF Editor | PDF Editor versions 11.x antérieures à 11.2.12 pour Windows | ||
| Foxit | PDF Editor | PDF Editor version 13.x antérieures à 13.1.5 pour macOS et Windows |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PDF Editor versions 12.x ant\u00e9rieures \u00e0 12.1.7 pour macOS",
"product": {
"name": "PDF Editor",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "PDF Editor versions 12.x ant\u00e9rieures \u00e0 12.1.9 pour Windows",
"product": {
"name": "PDF Editor",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "PDF Editor versions 11.x ant\u00e9rieures \u00e0 11.1.11 pour macOS",
"product": {
"name": "PDF Editor",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "PDF Reader versions ant\u00e9rieures \u00e0 2024.4 pour macOS et Windows",
"product": {
"name": "PDF Reader",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "PDF Editor versions ant\u00e9rieures \u00e0 2024.4 pour Windows",
"product": {
"name": "PDF Editor",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "PDF Editor versions 11.x ant\u00e9rieures \u00e0 11.2.12 pour Windows",
"product": {
"name": "PDF Editor",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "PDF Editor version 13.x ant\u00e9rieures \u00e0 13.1.5 pour macOS et Windows",
"product": {
"name": "PDF Editor",
"vendor": {
"name": "Foxit",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-47810",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47810"
},
{
"name": "CVE-2024-49576",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49576"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-1088",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Foxit. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Foxit",
"vendor_advisories": [
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 Foxit",
"url": "https://www.foxit.com/support/security-bulletins.html"
}
]
}
CERTFR-2024-AVI-0904
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans FoxIT PDF Editor. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Foxit | PDF Editor | Foxit PDF Editor pour Windows versions 11.2.x antérieures à 11.2.11 | ||
| Foxit | PDF Editor | Foxit PDF Editor pour Mac versions 12.x antérieures à 12.1.6 | ||
| Foxit | PDF Editor | Foxit PDF Editor pour Mac versions 11.1.x antérieures à 11.1.10 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Foxit PDF Editor pour Windows versions 11.2.x ant\u00e9rieures \u00e0 11.2.11",
"product": {
"name": "PDF Editor",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "Foxit PDF Editor pour Mac versions 12.x ant\u00e9rieures \u00e0 12.1.6",
"product": {
"name": "PDF Editor",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "Foxit PDF Editor pour Mac versions 11.1.x ant\u00e9rieures \u00e0 11.1.10",
"product": {
"name": "PDF Editor",
"vendor": {
"name": "Foxit",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-9256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9256"
},
{
"name": "CVE-2024-9248",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9248"
},
{
"name": "CVE-2024-7722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7722"
},
{
"name": "CVE-2024-9253",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9253"
},
{
"name": "CVE-2024-9252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9252"
},
{
"name": "CVE-2024-9249",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9249"
},
{
"name": "CVE-2024-7725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7725"
},
{
"name": "CVE-2024-7724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7724"
},
{
"name": "CVE-2024-41605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41605"
},
{
"name": "CVE-2024-9250",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9250"
},
{
"name": "CVE-2024-9247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9247"
},
{
"name": "CVE-2024-9246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9246"
},
{
"name": "CVE-2024-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9251"
},
{
"name": "CVE-2024-9254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9254"
},
{
"name": "CVE-2024-9255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9255"
},
{
"name": "CVE-2024-9245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9245"
},
{
"name": "CVE-2024-9243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9243"
},
{
"name": "CVE-2024-28888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28888"
},
{
"name": "CVE-2024-7723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7723"
},
{
"name": "CVE-2024-38393",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38393"
},
{
"name": "CVE-2024-9244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9244"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0904",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans FoxIT PDF Editor. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Foxit PDF Editor",
"vendor_advisories": [
{
"published_at": "2024-10-18",
"title": "Bulletin de s\u00e9curit\u00e9 FoxIT security-bulletins.php",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
CERTFR-2024-AVI-0824
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Foxit PDF Editor. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Foxit | PDF Editor | PDF Editor versions antérieures à 12.1.8 pour Windows |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PDF Editor versions ant\u00e9rieures \u00e0 12.1.8 pour Windows",
"product": {
"name": "PDF Editor",
"vendor": {
"name": "Foxit",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-9256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9256"
},
{
"name": "CVE-2024-9248",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9248"
},
{
"name": "CVE-2024-7722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7722"
},
{
"name": "CVE-2024-9253",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9253"
},
{
"name": "CVE-2024-9252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9252"
},
{
"name": "CVE-2024-9249",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9249"
},
{
"name": "CVE-2024-7725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7725"
},
{
"name": "CVE-2024-7724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7724"
},
{
"name": "CVE-2024-41605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41605"
},
{
"name": "CVE-2024-9250",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9250"
},
{
"name": "CVE-2024-9247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9247"
},
{
"name": "CVE-2024-9246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9246"
},
{
"name": "CVE-2024-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9251"
},
{
"name": "CVE-2024-9254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9254"
},
{
"name": "CVE-2024-9255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9255"
},
{
"name": "CVE-2024-9245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9245"
},
{
"name": "CVE-2024-9243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9243"
},
{
"name": "CVE-2024-28888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28888"
},
{
"name": "CVE-2024-7723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7723"
},
{
"name": "CVE-2024-38393",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38393"
},
{
"name": "CVE-2024-9244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9244"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0824",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Foxit PDF Editor. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Foxit PDF Editor",
"vendor_advisories": [
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 Foxit",
"url": "https://www.foxit.com/support/security-bulletins.html"
}
]
}
CERTFR-2024-AVI-0816
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Foxit. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Foxit | PDF Editor | PDF Editor versions antérieures à 13.1.4 pour Windows et Mac | ||
| Foxit | PDF Reader | PDF Reader versions antérieures à 2024.3 pour Windows et Mac | ||
| Foxit | PDF Editor | PDF Editor versions antérieures à 2024.3 pour Windows et Mac |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PDF Editor versions ant\u00e9rieures \u00e0 13.1.4 pour Windows et Mac",
"product": {
"name": "PDF Editor",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "PDF Reader versions ant\u00e9rieures \u00e0 2024.3 pour Windows et Mac",
"product": {
"name": "PDF Reader",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "PDF Editor versions ant\u00e9rieures \u00e0 2024.3 pour Windows et Mac",
"product": {
"name": "PDF Editor",
"vendor": {
"name": "Foxit",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-7725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7725"
},
{
"name": "CVE-2024-41605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41605"
},
{
"name": "CVE-2024-28888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28888"
},
{
"name": "CVE-2024-38393",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38393"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0816",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Foxit. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Foxit",
"vendor_advisories": [
{
"published_at": "2024-09-26",
"title": "Bulletin de s\u00e9curit\u00e9 Foxit",
"url": "https://www.foxit.com/support/security-bulletins.html#content-2024"
}
]
}
CVE-2021-34968 (GCVE-0-2021-34968)
Vulnerability from cvelistv5 – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
VLAI?
Summary
Foxit PDF Editor transitionToState Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the implementation of the transitionToState method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14370.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit | PDF Editor |
Affected:
11.0.0.49893
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:11.0.0.49893:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T14:59:14.399196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:54.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:55.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-21-1199",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1199/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Editor",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"dateAssigned": "2021-06-30T08:56:51.682-05:00",
"datePublic": "2021-10-15T07:35:54.295-05:00",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Editor transitionToState Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the implementation of the transitionToState method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14370."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T22:54:41.342Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-21-1199",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1199/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "cor3sm4sh3r working with Volon Cyber Security Pvt Ltd"
},
"title": "Foxit PDF Editor transitionToState Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-34968",
"datePublished": "2024-05-07T22:54:41.342Z",
"dateReserved": "2021-06-17T19:27:05.656Z",
"dateUpdated": "2024-08-04T00:26:55.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34967 (GCVE-0-2021-34967)
Vulnerability from cvelistv5 – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
VLAI?
Summary
Foxit PDF Editor Line Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14368.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit | PDF Editor |
Affected:
11.0.0.49893
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:11.0.0.49893:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T14:21:41.982280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:42.841Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:55.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-21-1198",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1198/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Editor",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"dateAssigned": "2021-06-30T08:56:51.679-05:00",
"datePublic": "2021-10-15T07:35:42.456-05:00",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Editor Line Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14368."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T22:54:40.491Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-21-1198",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1198/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "cor3sm4sh3r working with Volon Cyber Security Pvt Ltd"
},
"title": "Foxit PDF Editor Line Annotation Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-34967",
"datePublished": "2024-05-07T22:54:40.491Z",
"dateReserved": "2021-06-17T19:27:05.656Z",
"dateUpdated": "2024-08-04T00:26:55.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34966 (GCVE-0-2021-34966)
Vulnerability from cvelistv5 – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
VLAI?
Summary
Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14367.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit | PDF Editor |
Affected:
11.0.0.49893
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T15:28:43.284858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:45.026Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:55.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-21-1197",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1197/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Editor",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"dateAssigned": "2021-06-30T08:56:51.677-05:00",
"datePublic": "2021-10-15T07:35:30.853-05:00",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14367."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T22:54:39.596Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-21-1197",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1197/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "cor3sm4sh3r working with Volon Cyber Security Pvt Ltd"
},
"title": "Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-34966",
"datePublished": "2024-05-07T22:54:39.596Z",
"dateReserved": "2021-06-17T19:27:05.655Z",
"dateUpdated": "2024-08-04T00:26:55.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34965 (GCVE-0-2021-34965)
Vulnerability from cvelistv5 – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
VLAI?
Summary
Foxit PDF Editor Squiggly Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14361.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit | PDF Editor |
Affected:
11.0.0.49893
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:11.0.0.49893:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T15:09:31.951882Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:52.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:55.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-21-1196",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1196/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Editor",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"dateAssigned": "2021-06-30T08:56:51.674-05:00",
"datePublic": "2021-10-15T07:35:19.344-05:00",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Editor Squiggly Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14361."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T22:54:38.726Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-21-1196",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1196/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "cor3sm4sh3r working with Volon Cyber Security Pvt Ltd"
},
"title": "Foxit PDF Editor Squiggly Annotation Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-34965",
"datePublished": "2024-05-07T22:54:38.726Z",
"dateReserved": "2021-06-17T19:27:05.655Z",
"dateUpdated": "2024-08-04T00:26:55.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34964 (GCVE-0-2021-34964)
Vulnerability from cvelistv5 – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
VLAI?
Summary
Foxit PDF Editor Polygon Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14366.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit | PDF Editor |
Affected:
11.0.0.49893
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "11.0.1.4938",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "11.0.0.49983",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "10.1.5.37672",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:pdf_reader:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_reader",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "11.0.1.49983",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:phantompdf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phantompdf",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "10.1.5.37672",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34964",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T15:37:14.645944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T18:27:15.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:55.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-21-1195",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1195/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Editor",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"dateAssigned": "2021-06-30T08:56:51.671-05:00",
"datePublic": "2021-10-15T07:35:09.007-05:00",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Editor Polygon Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14366."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T22:54:37.825Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-21-1195",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1195/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "cor3sm4sh3r working with Volon Cyber Security Pvt Ltd"
},
"title": "Foxit PDF Editor Polygon Annotation Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-34964",
"datePublished": "2024-05-07T22:54:37.825Z",
"dateReserved": "2021-06-17T19:27:05.655Z",
"dateUpdated": "2024-08-04T00:26:55.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34963 (GCVE-0-2021-34963)
Vulnerability from cvelistv5 – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
VLAI?
Summary
Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14365.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit | PDF Editor |
Affected:
11.0.0.49893
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:11.0.0.49893:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34963",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T15:29:48.804332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:49.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:55.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-21-1194",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1194/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Editor",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"dateAssigned": "2021-06-30T08:56:51.669-05:00",
"datePublic": "2021-10-15T07:34:57.208-05:00",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14365."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T22:54:36.900Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-21-1194",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1194/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "cor3sm4sh3r working with Volon Cyber Security Pvt Ltd"
},
"title": "Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-34963",
"datePublished": "2024-05-07T22:54:36.900Z",
"dateReserved": "2021-06-17T19:27:05.654Z",
"dateUpdated": "2024-08-04T00:26:55.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34962 (GCVE-0-2021-34962)
Vulnerability from cvelistv5 – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
VLAI?
Summary
Foxit PDF Editor Caret Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14364.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit | PDF Editor |
Affected:
11.0.0.49893
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:11.0.0.49893:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T15:27:23.495593Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:50.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:55.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-21-1193",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1193/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Editor",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"dateAssigned": "2021-06-30T08:56:51.666-05:00",
"datePublic": "2021-10-15T07:34:47.214-05:00",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Editor Caret Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14364."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T22:54:36.082Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-21-1193",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1193/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "cor3sm4sh3r working with Volon Cyber Security Pvt Ltd"
},
"title": "Foxit PDF Editor Caret Annotation Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-34962",
"datePublished": "2024-05-07T22:54:36.082Z",
"dateReserved": "2021-06-17T19:27:05.654Z",
"dateUpdated": "2024-08-04T00:26:55.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34961 (GCVE-0-2021-34961)
Vulnerability from cvelistv5 – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
VLAI?
Summary
Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14363.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit | PDF Editor |
Affected:
11.0.0.49893
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "11.0.1.4938",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "11.0.0.49983",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "10.1.5.37672",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:pdf_reader:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_reader",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "11.0.1.49983",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:phantompdf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phantompdf",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "10.1.5.37672",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34961",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T14:55:34.573958Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:16:17.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:55.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-21-1192",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1192/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Editor",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"dateAssigned": "2021-06-30T08:56:51.663-05:00",
"datePublic": "2021-10-15T07:34:35.849-05:00",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14363."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T22:54:35.184Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-21-1192",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1192/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "cor3sm4sh3r working with Volon Cyber Security Pvt Ltd"
},
"title": "Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-34961",
"datePublished": "2024-05-07T22:54:35.184Z",
"dateReserved": "2021-06-17T19:27:05.653Z",
"dateUpdated": "2024-08-04T00:26:55.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34960 (GCVE-0-2021-34960)
Vulnerability from cvelistv5 – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
VLAI?
Summary
Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14362.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit | PDF Editor |
Affected:
11.0.0.49893
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "11.0.1.4938",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "11.0.0.49983",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "10.1.5.37672",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:pdf_reader:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_reader",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "11.0.1.49983",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:phantompdf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phantompdf",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "10.1.5.37672",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T15:37:04.831960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T18:25:25.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:55.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-21-1191",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1191/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Editor",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"dateAssigned": "2021-06-30T08:56:51.661-05:00",
"datePublic": "2021-10-15T07:34:08.588-05:00",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14362."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T22:54:34.306Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-21-1191",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1191/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "cor3sm4sh3r working with Volon Cyber Security Pvt Ltd"
},
"title": "Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-34960",
"datePublished": "2024-05-07T22:54:34.306Z",
"dateReserved": "2021-06-17T19:27:05.653Z",
"dateUpdated": "2024-08-04T00:26:55.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34968 (GCVE-0-2021-34968)
Vulnerability from nvd – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
VLAI?
Summary
Foxit PDF Editor transitionToState Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the implementation of the transitionToState method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14370.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit | PDF Editor |
Affected:
11.0.0.49893
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:11.0.0.49893:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T14:59:14.399196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:54.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:55.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-21-1199",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1199/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Editor",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"dateAssigned": "2021-06-30T08:56:51.682-05:00",
"datePublic": "2021-10-15T07:35:54.295-05:00",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Editor transitionToState Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the implementation of the transitionToState method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14370."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T22:54:41.342Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-21-1199",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1199/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "cor3sm4sh3r working with Volon Cyber Security Pvt Ltd"
},
"title": "Foxit PDF Editor transitionToState Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-34968",
"datePublished": "2024-05-07T22:54:41.342Z",
"dateReserved": "2021-06-17T19:27:05.656Z",
"dateUpdated": "2024-08-04T00:26:55.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34967 (GCVE-0-2021-34967)
Vulnerability from nvd – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
VLAI?
Summary
Foxit PDF Editor Line Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14368.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit | PDF Editor |
Affected:
11.0.0.49893
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:11.0.0.49893:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T14:21:41.982280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:42.841Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:55.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-21-1198",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1198/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Editor",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"dateAssigned": "2021-06-30T08:56:51.679-05:00",
"datePublic": "2021-10-15T07:35:42.456-05:00",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Editor Line Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14368."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T22:54:40.491Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-21-1198",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1198/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "cor3sm4sh3r working with Volon Cyber Security Pvt Ltd"
},
"title": "Foxit PDF Editor Line Annotation Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-34967",
"datePublished": "2024-05-07T22:54:40.491Z",
"dateReserved": "2021-06-17T19:27:05.656Z",
"dateUpdated": "2024-08-04T00:26:55.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34966 (GCVE-0-2021-34966)
Vulnerability from nvd – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
VLAI?
Summary
Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14367.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit | PDF Editor |
Affected:
11.0.0.49893
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T15:28:43.284858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:45.026Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:55.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-21-1197",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1197/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Editor",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"dateAssigned": "2021-06-30T08:56:51.677-05:00",
"datePublic": "2021-10-15T07:35:30.853-05:00",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14367."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T22:54:39.596Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-21-1197",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1197/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "cor3sm4sh3r working with Volon Cyber Security Pvt Ltd"
},
"title": "Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-34966",
"datePublished": "2024-05-07T22:54:39.596Z",
"dateReserved": "2021-06-17T19:27:05.655Z",
"dateUpdated": "2024-08-04T00:26:55.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34965 (GCVE-0-2021-34965)
Vulnerability from nvd – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
VLAI?
Summary
Foxit PDF Editor Squiggly Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14361.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit | PDF Editor |
Affected:
11.0.0.49893
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:11.0.0.49893:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T15:09:31.951882Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:52.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:55.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-21-1196",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1196/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Editor",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"dateAssigned": "2021-06-30T08:56:51.674-05:00",
"datePublic": "2021-10-15T07:35:19.344-05:00",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Editor Squiggly Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14361."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T22:54:38.726Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-21-1196",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1196/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "cor3sm4sh3r working with Volon Cyber Security Pvt Ltd"
},
"title": "Foxit PDF Editor Squiggly Annotation Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-34965",
"datePublished": "2024-05-07T22:54:38.726Z",
"dateReserved": "2021-06-17T19:27:05.655Z",
"dateUpdated": "2024-08-04T00:26:55.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34964 (GCVE-0-2021-34964)
Vulnerability from nvd – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
VLAI?
Summary
Foxit PDF Editor Polygon Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14366.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit | PDF Editor |
Affected:
11.0.0.49893
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "11.0.1.4938",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "11.0.0.49983",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "10.1.5.37672",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:pdf_reader:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_reader",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "11.0.1.49983",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:phantompdf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phantompdf",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "10.1.5.37672",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34964",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T15:37:14.645944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T18:27:15.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:55.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-21-1195",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1195/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Editor",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"dateAssigned": "2021-06-30T08:56:51.671-05:00",
"datePublic": "2021-10-15T07:35:09.007-05:00",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Editor Polygon Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14366."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T22:54:37.825Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-21-1195",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1195/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "cor3sm4sh3r working with Volon Cyber Security Pvt Ltd"
},
"title": "Foxit PDF Editor Polygon Annotation Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-34964",
"datePublished": "2024-05-07T22:54:37.825Z",
"dateReserved": "2021-06-17T19:27:05.655Z",
"dateUpdated": "2024-08-04T00:26:55.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34963 (GCVE-0-2021-34963)
Vulnerability from nvd – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
VLAI?
Summary
Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14365.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit | PDF Editor |
Affected:
11.0.0.49893
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:11.0.0.49893:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34963",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T15:29:48.804332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:49.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:55.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-21-1194",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1194/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Editor",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"dateAssigned": "2021-06-30T08:56:51.669-05:00",
"datePublic": "2021-10-15T07:34:57.208-05:00",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14365."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T22:54:36.900Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-21-1194",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1194/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "cor3sm4sh3r working with Volon Cyber Security Pvt Ltd"
},
"title": "Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-34963",
"datePublished": "2024-05-07T22:54:36.900Z",
"dateReserved": "2021-06-17T19:27:05.654Z",
"dateUpdated": "2024-08-04T00:26:55.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34962 (GCVE-0-2021-34962)
Vulnerability from nvd – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
VLAI?
Summary
Foxit PDF Editor Caret Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14364.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit | PDF Editor |
Affected:
11.0.0.49893
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:11.0.0.49893:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T15:27:23.495593Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:50.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:55.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-21-1193",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1193/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Editor",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"dateAssigned": "2021-06-30T08:56:51.666-05:00",
"datePublic": "2021-10-15T07:34:47.214-05:00",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Editor Caret Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14364."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T22:54:36.082Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-21-1193",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1193/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "cor3sm4sh3r working with Volon Cyber Security Pvt Ltd"
},
"title": "Foxit PDF Editor Caret Annotation Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-34962",
"datePublished": "2024-05-07T22:54:36.082Z",
"dateReserved": "2021-06-17T19:27:05.654Z",
"dateUpdated": "2024-08-04T00:26:55.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34961 (GCVE-0-2021-34961)
Vulnerability from nvd – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
VLAI?
Summary
Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14363.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit | PDF Editor |
Affected:
11.0.0.49893
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "11.0.1.4938",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "11.0.0.49983",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "10.1.5.37672",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:pdf_reader:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_reader",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "11.0.1.49983",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:phantompdf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phantompdf",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "10.1.5.37672",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34961",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T14:55:34.573958Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:16:17.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:55.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-21-1192",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1192/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Editor",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"dateAssigned": "2021-06-30T08:56:51.663-05:00",
"datePublic": "2021-10-15T07:34:35.849-05:00",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14363."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T22:54:35.184Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-21-1192",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1192/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "cor3sm4sh3r working with Volon Cyber Security Pvt Ltd"
},
"title": "Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-34961",
"datePublished": "2024-05-07T22:54:35.184Z",
"dateReserved": "2021-06-17T19:27:05.653Z",
"dateUpdated": "2024-08-04T00:26:55.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34960 (GCVE-0-2021-34960)
Vulnerability from nvd – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
VLAI?
Summary
Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14362.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit | PDF Editor |
Affected:
11.0.0.49893
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "11.0.1.4938",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "11.0.0.49983",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "10.1.5.37672",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:pdf_reader:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_reader",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "11.0.1.49983",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:phantompdf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phantompdf",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "10.1.5.37672",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T15:37:04.831960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T18:25:25.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:55.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-21-1191",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1191/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Editor",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "11.0.0.49893"
}
]
}
],
"dateAssigned": "2021-06-30T08:56:51.661-05:00",
"datePublic": "2021-10-15T07:34:08.588-05:00",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14362."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T22:54:34.306Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-21-1191",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1191/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "cor3sm4sh3r working with Volon Cyber Security Pvt Ltd"
},
"title": "Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-34960",
"datePublished": "2024-05-07T22:54:34.306Z",
"dateReserved": "2021-06-17T19:27:05.653Z",
"dateUpdated": "2024-08-04T00:26:55.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}