Home

CVE-2021-38569

Description

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.018

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Foxit PhantomPDF 8 (ML) 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 8 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 10(EXE) 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (ML) (EXE) 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (ML) (MSI) 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (MSI) 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF Slim 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit Reader 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit Reader Enterprise 10.1.3.37598Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (EXE) 10.1.3.37598Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-311706Foxit PhantomPDF 8 ML (8.3.12.47136)
PATCH-311625Foxit PhantomPDF 8 (8.3.12.47136)
PATCH-317727Foxit PhantomPDF 9 (ML) (EXE) (9.7.5.29616)
PATCH-317728Foxit PhantomPDF 9 (ML) (MSI) (9.7.5.29616)
PATCH-317729Foxit PhantomPDF 9 (MSI) (9.7.5.29616)
PATCH-306313Foxit PhantomPDF (MSI) (8.3.2) (Formerly Foxit PhantomPDF Slim)
PATCH-336612Foxit Reader (2024.1.0.23997)
PATCH-336614Foxit Reader Enterprise (2024.1.0.23997)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234