Home

CVE-2021-33794

Description

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction.

Risk Information

Base Score
9.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
0.027

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Foxit PhantomPDF 8 (ML) 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 8 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 10(EXE) 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (ML) (EXE) 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (ML) (MSI) 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (MSI) 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF Slim 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit Reader 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit Reader Enterprise 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (EXE) 10.1.3.37598Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-311706Foxit PhantomPDF 8 ML (8.3.12.47136)
PATCH-311625Foxit PhantomPDF 8 (8.3.12.47136)
PATCH-317727Foxit PhantomPDF 9 (ML) (EXE) (9.7.5.29616)
PATCH-317728Foxit PhantomPDF 9 (ML) (MSI) (9.7.5.29616)
PATCH-317729Foxit PhantomPDF 9 (MSI) (9.7.5.29616)
PATCH-306313Foxit PhantomPDF (MSI) (8.3.2) (Formerly Foxit PhantomPDF Slim)
PATCH-336612Foxit Reader (2024.1.0.23997)
PATCH-336614Foxit Reader Enterprise (2024.1.0.23997)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234