CVE-2021-38563

EPSS 0.02%
Veröffentlicht 11.08.2021 22:15:08
Zuletzt bearbeitet 21.11.2024 06:17:28
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It mishandles situations in which an array size (derived from a /Size entry) is smaller than the maximum indirect object number, and thus there is an attempted incorrect array access (leading to a NULL pointer dereference, or out-of-bounds read or write).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Foxit ≫ Pdf Reader Version <= 11.0.0.0510

Foxitsoftware ≫ Pdf Editor Version <= 11.0.0.0510

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.035

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://www.foxitsoftware.com/support/security-bulletins.php

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-38563

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-38563

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-38563

EUVD