An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HFoxitsoftware Foxit Reader
APPFoxitsoftware< 10.1.4Foxitsoftware Phantompdf
APPFoxitsoftware< 10.1.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Powiązane podatności
CVE-2021-38568CRITICAL9.8ten sam produkt
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows memory corruption during conve...
CVE-2021-38572CRITICAL9.8ten sam produkt
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files bec...
CVE-2021-33793CRITICAL9.8ten sam produkt
Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Referenc...
CVE-2021-33794CRITICAL9.1ten sam produkt
Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash a...
CVE-2021-38573CRITICAL9.8ten sam produkt
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files bec...