Vulnerabilities > CVE-2021-21822 - Use After Free vulnerability in Foxitsoftware Foxit Reader 10.1.3.37598

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
foxitsoftware
CWE-416

Summary

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening a malicious file or site to trigger this vulnerability if the browser plugin extension is enabled.

Vulnerable Configurations

Part Description Count
Application
Foxitsoftware
1

Common Weakness Enumeration (CWE)