Security Advisory

CVE-2021-21870

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-08-05 20:07:26
Last updated 2024-08-03 18:23:29
Assigner talos
State PUBLISHED

Description

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.4.37651. A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening a malicious file or site to trigger this vulnerability if the browser plugin extension is enabled.