CVE-2021-38569

HIGH

Foxit Reader & PhantomPDF <10.1.4 - Memory Corruption

Title source: llm

Description

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects.

References (1)

[Vendor Advisory] https://www.foxitsoftware.com/support/security-bulletins.php

Scores

CVSS v3 7.5

EPSS 0.0002

EPSS Percentile 4.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-674

Status published

Affected Products (2)

foxitsoftware/foxit_reader < 10.1.4

foxitsoftware/phantompdf < 10.1.4

Timeline

Published Aug 11, 2021

Tracked Since Feb 18, 2026