CVE-2021-40326

Published: Aug 29, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification.

Affected (3)

Products: Foxit: Pdf Editor, Pdf Reader, Phantompdf

3 products

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Foxit Pdf Editor	From 11.0 to 11.1
Foxit Pdf Reader	From 11.0 to 11.1
Foxit Phantompdf	Before 10.1.6

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

https://www.foxit.com/support/security-bulletins.html

Source: cve@mitre.org

Vendor Advisory

https://www.foxit.com/support/security-bulletins.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.