Vulnerabilities > CVE-2022-25641 - Unspecified vulnerability in Foxit PDF Editor, PDF Reader and Phantompdf

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

foxit

NVD

Published: 2022-08-29

Updated: 2022-09-02

Summary

Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack.

Vulnerable Configurations

Part	Description	Count
Application	Foxit Foxit PDF Editor 11.0.0 Foxit PDF Editor 11.0.0.49893 Foxit PDF Editor 11.0.1.0719 Foxit PDF Editor 11.1 Foxit PDF Editor 11.2.0.53415 Foxit PDF Editor 11.2.1 Foxit PDF Reader 11.0.0.49893 Foxit PDF Reader 11.0.1.0719 Foxit PDF Reader 11.0.1.49938 Foxit PDF Reader 11.1 Foxit PDF Reader 11.1.0.52543 Foxit PDF Reader 11.2.1 Foxit PDF Reader 11.2.1.53537 Foxit Phantompdf *	14
OS	Microsoft Microsoft Windows -	1

References

https://www.foxit.com/support/security-bulletins.html