CVE-2021-40326

Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*
cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*
cpe:2.3:a:foxit:phantompdf:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:23

Type Values Removed Values Added
References () https://www.foxit.com/support/security-bulletins.html - Vendor Advisory () https://www.foxit.com/support/security-bulletins.html - Vendor Advisory

Information

Published : 2022-08-29 05:15

Updated : 2024-11-21 06:23


NVD link : CVE-2021-40326

Mitre link : CVE-2021-40326

CVE.ORG link : CVE-2021-40326


JSON object : View

Products Affected

foxit

  • pdf_editor
  • phantompdf
  • pdf_reader

microsoft

  • windows
CWE
CWE-347

Improper Verification of Cryptographic Signature