CRITICAL🇬🇧 English

CVE-2021-38572

CVSS 9.8v3.1pub. 2021-08-11upd. 2024-11-21

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because the extractPages pathname is not validated.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Foxitsoftware Foxit Reader

    APP
    Foxitsoftware
    < 10.1.4
  • Foxitsoftware Phantompdf

    APP
    Foxitsoftware
    < 10.1.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-38568CRITICAL9.8ten sam produkt

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows memory corruption during conve...

CVE-2021-38570CRITICAL9.1ten sam produkt

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary ...

CVE-2021-33793CRITICAL9.8ten sam produkt

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Referenc...

CVE-2021-33794CRITICAL9.1ten sam produkt

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash a...

CVE-2021-38573CRITICAL9.8ten sam produkt

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files bec...