CVE-2021-41782: Use After Free
First published: Mon Aug 29 2022(Updated: )
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Foxit PDF Editor | >=11.0<11.1 | |
| Foxit PDF Reader | >=11.0<11.1 | |
| Foxit PhantomPDF | <10.1.6 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Foxit PDF Reader, PDF Editor, and PhantomPDF vulnerability?
The vulnerability ID for this Foxit PDF Reader, PDF Editor, and PhantomPDF vulnerability is CVE-2021-41782.
What is the severity of CVE-2021-41782?
The severity of CVE-2021-41782 is high (7.8).
Which software versions are affected by CVE-2021-41782?
Foxit PDF Reader versions 11.0 to 11.1, Foxit PDF Editor versions 11.0 to 11.1, and Foxit PhantomPDF versions up to 10.1.6 are affected by CVE-2021-41782.
How can an attacker exploit CVE-2021-41782?
An attacker can exploit CVE-2021-41782 by triggering a use-after-free vulnerability and executing arbitrary code through mishandled JavaScript in Foxit PDF Reader, PDF Editor, and PhantomPDF.
Is Microsoft Windows vulnerable to CVE-2021-41782?
No, Microsoft Windows is not vulnerable to CVE-2021-41782.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/foxit
- canonical/foxit pdf editor
- version/foxit pdf editor/11.0
- canonical/foxit pdf reader
- version/foxit pdf reader/11.0
- canonical/foxit phantompdf
- vendor/microsoft
- canonical/microsoft windows