CVE-2021-40326
First published: Mon Aug 29 2022(Updated: )
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Foxit PDF Editor | >=11.0<11.1 | |
| Foxit PDF Reader | >=11.0<11.1 | |
| Foxit PhantomPDF | <10.1.6 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-40326.
What software versions are affected by CVE-2021-40326?
The affected software versions are Foxit PDF Reader before 11.1, PDF Editor before 11.1, and PhantomPDF before 10.1.6.
What is the severity level of CVE-2021-40326?
The severity level of CVE-2021-40326 is medium.
How does CVE-2021-40326 impact signed documents?
CVE-2021-40326 mishandles hidden and incremental data in signed documents, allowing an attacker to write to an arbitrary file and display controlled contents during signature verification.
Is Microsoft Windows affected by CVE-2021-40326?
No, Microsoft Windows is not affected by CVE-2021-40326.
Where can I find more information about CVE-2021-40326?
You can find more information about CVE-2021-40326 in the security bulletins provided by Foxit at the following reference: [Foxit Security Bulletins](https://www.foxit.com/support/security-bulletins.html).
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- vendor/foxit
- canonical/foxit pdf editor
- version/foxit pdf editor/11.0
- canonical/foxit pdf reader
- version/foxit pdf reader/11.0
- canonical/foxit phantompdf
- vendor/microsoft
- canonical/microsoft windows