Multiple vulnerabilities in Foxit PhantomPDF and PDF Reader



Published: 2021-11-29
Risk High
Patch available YES
Number of vulnerabilities 29
CVE-ID CVE-2021-34963
CVE-2021-34958
CVE-2021-34959
CVE-2021-34965
CVE-2021-34960
CVE-2021-34961
CVE-2021-34962
CVE-2021-34964
CVE-2021-34956
CVE-2021-34966
CVE-2021-34967
CVE-2021-34976
CVE-2021-34973
CVE-2021-34970
CVE-2021-34971
CVE-2021-34957
CVE-2021-34955
CVE-2021-34948
CVE-2021-34950
CVE-2021-34953
CVE-2021-34952
CVE-2021-34968
CVE-2021-34969
CVE-2021-34972
CVE-2021-34954
CVE-2021-34974
CVE-2021-34975
CVE-2021-34949
CVE-2021-34951
CWE-ID CWE-119
CWE-125
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Foxit PDF Reader for Windows
Client/Desktop applications / Office applications

Foxit PDF Editor (formerly Foxit PhantomPDF)
Client/Desktop applications / Office applications

Vendor Foxit Software Inc.

Security Bulletin

This security bulletin contains information about 29 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU58419

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34963

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Buffer overflow

EUVDB-ID: #VU58413

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34958

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) Buffer overflow

EUVDB-ID: #VU58414

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34959

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

4) Buffer overflow

EUVDB-ID: #VU58415

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34965

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

5) Buffer overflow

EUVDB-ID: #VU58416

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34960

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

6) Buffer overflow

EUVDB-ID: #VU58417

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34961

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

7) Buffer overflow

EUVDB-ID: #VU58418

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34962

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

8) Buffer overflow

EUVDB-ID: #VU58420

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34964

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

9) Buffer overflow

EUVDB-ID: #VU58411

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34956

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

10) Buffer overflow

EUVDB-ID: #VU58421

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34966

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

11) Buffer overflow

EUVDB-ID: #VU58422

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34967

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

12) Out-of-bounds read

EUVDB-ID: #VU58423

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-34976

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and cause a denial of service condition on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

13) Out-of-bounds read

EUVDB-ID: #VU58424

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-34973

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and cause a denial of service condition on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

14) Out-of-bounds read

EUVDB-ID: #VU58425

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-34970

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

15) Buffer overflow

EUVDB-ID: #VU58426

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34971

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted JPEG2000 file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

16) Buffer overflow

EUVDB-ID: #VU58412

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34957

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

17) Buffer overflow

EUVDB-ID: #VU58410

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34955

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

18) Buffer overflow

EUVDB-ID: #VU58397

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34948

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

19) Buffer overflow

EUVDB-ID: #VU58398

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34950

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

20) Buffer overflow

EUVDB-ID: #VU58399

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34953

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

21) Buffer overflow

EUVDB-ID: #VU58400

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34952

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

22) Buffer overflow

EUVDB-ID: #VU58402

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34968

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

23) Buffer overflow

EUVDB-ID: #VU58403

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34969

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

24) Buffer overflow

EUVDB-ID: #VU58404

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34972

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

25) Buffer overflow

EUVDB-ID: #VU58409

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34954

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

26) Buffer overflow

EUVDB-ID: #VU58405

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34974

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

27) Buffer overflow

EUVDB-ID: #VU58406

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34975

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

28) Buffer overflow

EUVDB-ID: #VU58407

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34949

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

29) Buffer overflow

EUVDB-ID: #VU58408

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34951

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted PDF file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 11.0.0.49893 - 11.0.1.49938

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.5.37672, 11.0.0.49893 - 11.0.1.49938


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PhantomPDF+10.1.62021-11-29+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###