CRITICAL🇵🇱 Wersja polska

CVE-2021-38573

CVSS 9.8v3.1pub. 2021-08-11upd. 2024-11-21

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because a CombineFiles pathname is not validated.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Foxitsoftware Foxit Reader

    APP
    Foxitsoftware
    < 10.1.4
  • Foxitsoftware Phantompdf

    APP
    Foxitsoftware
    < 10.1.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-38568CRITICAL9.8ten sam produkt

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows memory corruption during conve...

CVE-2021-38570CRITICAL9.1ten sam produkt

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary ...

CVE-2021-33793CRITICAL9.8ten sam produkt

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Referenc...

CVE-2021-33794CRITICAL9.1ten sam produkt

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash a...

CVE-2021-38572CRITICAL9.8ten sam produkt

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files bec...