#VU52957 Use of Uninitialized Variable in Foxit PDF Reader for Windows and Foxit PDF Editor (formerly Foxit PhantomPDF) 

 


Published: May 6, 2021


Vulnerability identifier: #VU52957
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-457
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Foxit PDF Reader for Windows
Foxit PDF Editor (formerly Foxit PhantomPDF)
Software vendor:
Foxit Software Inc.

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an array access violation that results from discrepant information in the form control when a user presses the Tab key to move focus to a field and enters new text in certain XFA forms. A remote attacker can trick the victim into opening a specially crafted PDF file and gain access to sensitive information or crash the application.


Remediation

Install updates from the vendor's website.
