The vulnerability of PDF files created by AcroForms, a text viewing program called Foxit Reader, and the PDF editing program Foxit PhantomPDF, allowing attackers to disclose protected information.

🗓️ 07 Feb 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

AcroForms and Foxit PDF tools vulnerability enables memory overrun and data disclosure via crafted pages.

Reporter	Title	Published	Views	Family All 15
CNNVD	Foxit PDF Reader 缓冲区错误漏洞	15 Oct 202100:00	–	cnnvd
CNVD	Foxit PDF Reader Information Disclosure Vulnerability (CNVD-2021-100580)	19 Oct 202100:00	–	cnvd
CVE	CVE-2021-34972	7 May 202422:54	–	cve
Cvelist	CVE-2021-34972 Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulnerability	7 May 202422:54	–	cvelist
EUVD	EUVD-2021-21619	7 Oct 202500:30	–	euvd
Tenable Nessus	Foxit PDF Editor < 11.1 Multiple Vulnerabilities	12 Oct 202100:00	–	nessus
Tenable Nessus	Foxit PhantomPDF < 10.1.6 Multiple Vulnerabilities	29 Nov 202100:00	–	nessus
Tenable Nessus	Foxit PDF Reader < 11.1 Multiple Vulnerabilities	12 Oct 202100:00	–	nessus
Kaspersky	KLA12317 Multiple vulnerabilities in Foxit Reader	12 Oct 202100:00	–	kaspersky
NVD	CVE-2021-34972	7 May 202423:15	–	nvd

Vulners

Node

foxit_software pdf_readerRange≤11.0.1.49938

OR

foxit_software pdf_editorRange≤11.0.1.49938

OR

foxit_software pdf_editorRange≤11.0.0.49893

OR

foxit_software pdf_editorRange≤10.1.5.37672

Source	Link
foxit	www.foxit.com/support/security-bulletins.html
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-21-1203/
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2021112906
safe-surf	www.safe-surf.ru/upload/VULN/VULN-20211130.5.pdf
web	www.web.nvd.nist.gov/view/vuln/detail
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-21-1203/

07 Feb 2022 00:00Current

6Medium risk

Vulners AI Score6

CVSS 34.3

CVSS 25

EPSS0.0034

AcroForms vulnerability Foxit Reader Foxit PhantomPDF memory overrun data disclosure crafted pages