Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-40326

Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification.

Published

2022-08-29T05:15:07.753

Last Modified

2024-11-21T06:23:51.870

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-347

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	foxit	pdf_editor	< 11.1	Yes
Application	foxit	pdf_reader	< 11.1	Yes
Application	foxit	phantompdf	< 10.1.6	Yes
Operating System	microsoft	windows	-	No

References

https://www.foxit.com/support/security-bulletins.html Vendor Advisory ([email protected])
https://www.foxit.com/support/security-bulletins.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)