Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification.
References
Link | Resource |
---|---|
https://www.foxit.com/support/security-bulletins.html | Vendor Advisory |
https://www.foxit.com/support/security-bulletins.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 06:23
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.foxit.com/support/security-bulletins.html - Vendor Advisory |
Information
Published : 2022-08-29 05:15
Updated : 2024-11-21 06:23
NVD link : CVE-2021-40326
Mitre link : CVE-2021-40326
CVE.ORG link : CVE-2021-40326
JSON object : View
Products Affected
foxit
- pdf_editor
- phantompdf
- pdf_reader
microsoft
- windows
CWE
CWE-347
Improper Verification of Cryptographic Signature