CVE-2021-34975

2024-05-0723:15:00

[email protected]

web.nvd.nist.gov

cve-2021-34975

foxit pdf reader

use-after-free

remote code execution

vulnerability

user interaction

malicious page

malicious file

transitiontostate method

object validation

code execution

zdi-can-15218

nvd

7.8 High

CVSS3

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.3%

JSON

Foxit PDF Reader transitionToState Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the implementation of the transitionToState method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15218.