Lucene search
PRIOn knowledge basePRION:CVE-2021-31454HistoryMay 07, 2021 - 9:15 p.m.
Heap overflow
2021-05-0721:15:00
PRIOn knowledge base
www.prio-n.com
1
0.003 Low
EPSS
Percentile
69.8%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Decimal element. A crafted leadDigits value in a Decimal element can trigger an overflow of a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Was ZDI-CAN-13095.
| CPE | Name | Operator | Version |
|---|---|---|---|
| foxit_reader | le | 10.1.3.37598 | |
| phantompdf | le | 9.7.5.29616 | |
| phantompdf | ge | 10.0.0.0 | |
| phantompdf | le | 10.1.3.37598 |
Related
cve
cve
CVE-2021-31454
2021-05-07 21:15:07
cvelist
cvelist
CVE-2021-31454
2021-05-07 20:16:25
nvd
nvd
CVE-2021-31454
2021-05-07 21:15:07
zdi
zdi
kaspersky
kaspersky
KLA12166 Multiple vulnerabilities in Foxit Reader
2021-05-06 00:00:00
nessus
nessus
Foxit PhantomPDF < 10.1.4 Multiple Vulnerabilities
2021-05-10 00:00:00
Foxit Reader < 10.1.4 Multiple Vulnerabilities
2021-05-10 00:00:00