Home

CVE-2021-33795

Description

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorrect PDF document signatures because the certificate name, document owner, and signature author are mishandled.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.023

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Foxit PhantomPDF 8 (ML) 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 8 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 10(EXE) 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (ML) (EXE) 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (ML) (MSI) 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (MSI) 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF Slim 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit Reader 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit Reader Enterprise 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (EXE) 10.1.3.37598Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-311706Foxit PhantomPDF 8 ML (8.3.12.47136)
PATCH-311625Foxit PhantomPDF 8 (8.3.12.47136)
PATCH-317727Foxit PhantomPDF 9 (ML) (EXE) (9.7.5.29616)
PATCH-317728Foxit PhantomPDF 9 (ML) (MSI) (9.7.5.29616)
PATCH-317729Foxit PhantomPDF 9 (MSI) (9.7.5.29616)
PATCH-306313Foxit PhantomPDF (MSI) (8.3.2) (Formerly Foxit PhantomPDF Slim)
PATCH-336612Foxit Reader (2024.1.0.23997)
PATCH-336614Foxit Reader Enterprise (2024.1.0.23997)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234