CVE-2021-40326
MEDIUM
Foxit PDF Editor 11.0-11.1, Reader 11.0-11.1, PhantomPDF <10.1.6 - Arbitrary File Write
Title source: llm
Description
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification.
References (1)
Core References
Vendor Advisory x_refsource_misc
https://www.foxit.com/support/security-bulletins.html
Scores
CVSS v3
5.5
EPSS
0.0006
EPSS Percentile
19.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-347
Status
published
Products (3)
foxit/pdf_editor
11.0 - 11.1
foxit/pdf_reader
11.0 - 11.1
foxit/phantompdf
< 10.1.6
Published
Aug 29, 2022
Tracked Since
Feb 18, 2026