CVE-2021-41784

Published Aug 29, 2022

Last updated 2 years ago

CVSS high 7.8

Overview

Description: Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-416

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64FC5358-5696-4AF0-A415-9DD745F99C79",
            "versionEndExcluding": "11.1",
            "versionStartIncluding": "11.0"
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98CC973C-C3EA-4AD3-81F9-A8FC55AD6B56",
            "versionEndExcluding": "11.1",
            "versionStartIncluding": "11.0"
          },
          {
            "criteria": "cpe:2.3:a:foxit:phantompdf:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4ABB9A4-A4FC-40B4-99F9-43114D7D079A",
            "versionEndExcluding": "10.1.6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References