The vulnerability of the Foxit Reader text viewer program and the Foxit PhantomPDF PDF editing program, related to the execution of operations outside the buffer in memory, allows attackers to execute arbitrary code.

🗓️ 17 Nov 2021 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Foxit Reader and Foxit PhantomPDF have memory overrun vulnerability that enables remote code execution.

Reporter	Title	Published	Views	Family All 17
CNNVD	多款Foxit产品资源管理错误漏洞	12 Oct 202100:00	–	cnnvd
CVE	CVE-2021-41782	29 Aug 202204:54	–	cve
Cvelist	CVE-2021-41782	29 Aug 202204:54	–	cvelist
EUVD	EUVD-2021-28790	3 Oct 202520:07	–	euvd
Tenable Nessus	Foxit PDF Editor < 11.1 Multiple Vulnerabilities	12 Oct 202100:00	–	nessus
Tenable Nessus	Foxit PhantomPDF < 10.1.6 Multiple Vulnerabilities	29 Nov 202100:00	–	nessus
Tenable Nessus	Foxit PDF Reader < 11.1 Multiple Vulnerabilities	12 Oct 202100:00	–	nessus
Kaspersky	KLA12317 Multiple vulnerabilities in Foxit Reader	12 Oct 202100:00	–	kaspersky
NCSC	Vulnerabilities fixed in Foxit products	14 Oct 202100:00	–	ncsc
NVD	CVE-2021-41782	29 Aug 202205:15	–	nvd

Vulners

Node

foxit_software pdf_readerRange≤11.0.1.49938

OR

foxit_software pdf_editorRange≤11.0.1.49938

OR

foxit_software pdf_editorRange≤11.0.0.49893

OR

foxit_software pdf_editorRange≤10.1.5.37672

Source	Link
foxit	www.foxit.com/support/security-bulletins.html
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2021101204
securitylab	www.securitylab.ru/vulnerability/525483.php
web	www.web.nvd.nist.gov/view/vuln/detail

17 Nov 2021 00:00Current

8High risk

Vulners AI Score8

CVSS 38.8

CVSS 210

EPSS0.0011

foxit reader foxit phantompdf memory overrun vulnerability remote code execution