CVE-2021-40326 — MEDIUM (5.5)

Q: How severe is CVE-2021-40326?

CVE-2021-40326 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-40326?

Check the references section above for vendor advisories and patch information. Affected products include: Foxit Pdf Editor, Foxit Pdf Reader, Foxit Phantompdf, Microsoft Windows.

Vulnerability Description

Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Foxit	Pdf Editor	>= 11.0, < 11.1
Foxit	Pdf Reader	>= 11.0, < 11.1
Foxit	Phantompdf	< 10.1.6
Microsoft	Windows	-

Related Weaknesses (CWE)

CWE-347

References

https://www.foxit.com/support/security-bulletins.htmlVendor Advisory
https://www.foxit.com/support/security-bulletins.htmlVendor Advisory

FAQ

What is CVE-2021-40326?

CVE-2021-40326 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and displa...

How severe is CVE-2021-40326?

CVE-2021-40326 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-40326?

Check the references section above for vendor advisories and patch information. Affected products include: Foxit Pdf Editor, Foxit Pdf Reader, Foxit Phantompdf, Microsoft Windows.