CVE-2022-25641

2022-08-2905:15:08

mitre

web.nvd.nist.gov

142

foxit pdf reader

foxit pdf editor

phantompdf

cve-2022-25641

cross-reference mishandling

signed documents

incremental saving attack

shadow attack

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

20.4%

JSON

Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack.

Affected configurations

Nvd

Node

foxitpdf_editorRange11.0–11.2.2

foxitpdf_readerRange11.0–11.2.2

foxitphantompdfRange<10.1.8

AND

microsoftwindowsMatch-

VendorProductVersionCPE
foxitpdf_editor*cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*
foxitpdf_reader*cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*
foxitphantompdf*cpe:2.3:a:foxit:phantompdf:*:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
foxit	pdf_editor	*	cpe:2.3:a:foxit:pdf_editor::::::::
foxit	pdf_reader	*	cpe:2.3:a:foxit:pdf_reader::::::::
foxit	phantompdf	*	cpe:2.3:a:foxit:phantompdf::::::::
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*