CVE-2021-40420: Use After Free
First published: Fri Feb 04 2022(Updated: )
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Foxit Reader | =11.1.0.52543 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-40420?
CVE-2021-40420 is classified as a critical vulnerability due to its potential for arbitrary code execution.
How do I fix CVE-2021-40420?
To fix CVE-2021-40420, update Foxit PDF Reader to the latest version that addresses this vulnerability.
What products are affected by CVE-2021-40420?
CVE-2021-40420 affects Foxit PDF Reader version 11.1.0.52543.
What are the potential impacts of exploiting CVE-2021-40420?
Exploitation of CVE-2021-40420 can lead to arbitrary code execution on the affected system.
Who is at risk from CVE-2021-40420?
Users of Foxit PDF Reader version 11.1.0.52543 are at risk if they open malicious PDF documents.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/foxit
- canonical/foxit reader
- version/foxit reader/11.1.0.52543