CVE-2021-40420
Summary
| CVE | CVE-2021-40420 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-02-04 23:15:00 UTC |
| Updated | 2022-07-28 18:01:00 UTC |
| Description | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Foxit | Pdf Reader | 11.1.0.52543 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| TALOS-2021-1429 \|\| Cisco Talos Intelligence Group - Comprehensive Threat Intelligence | MISC | talosintelligence.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 376377 Foxit Reader Use After Free Vulnerability
- 376764 Foxit Reader and Foxit PDF Editor Prior to 11.2.1 Multiple Security Vulnerabilities
- 376802 Foxit PhantomPDF Prior to 10.1.7 Multiple Security Vulnerabilities