Skip to main content

Pdf Reader CVE-2021-38567

HIGH
NULL Pointer Dereference (CWE-476)
2021-08-11 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 11, 2021 - 22:15 nvd
HIGH 7.5

DescriptionNVD

An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Reader before 11.0.1 on macOS. It mishandles missing dictionary entries, leading to a NULL pointer dereference, aka CNVD-C-2021-95204.

AnalysisAI

An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Reader before 11.0.1 on macOS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Reader before 11.0.1 on macOS. It mishandles missing dictionary entries, leading to a NULL pointer dereference, aka CNVD-C-2021-95204. Affected products include: Foxit Pdf Reader, Foxitsoftware Pdf Editor. Version information: before 11.0.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

CVE-2024-49576 HIGH POC
8.8 Dec 18

A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. Rated

CVE-2024-47810 HIGH POC
8.8 Dec 18

A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. Rated high severi

CVE-2024-28888 HIGH POC
8.8 Oct 02

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. Rated high

CVE-2024-25938 HIGH POC
8.8 Apr 30

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. Rated high severi

CVE-2024-25648 HIGH POC
8.8 Apr 30

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. Rated high sever

CVE-2024-25575 HIGH POC
8.8 Apr 30

A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. Rated

CVE-2023-33876 HIGH POC
8.8 Jul 19

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. Rated high se

CVE-2023-33866 HIGH POC
8.8 Jul 19

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. Rat

CVE-2023-28744 HIGH POC
8.8 Jul 19

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. Rat

CVE-2023-27379 HIGH POC
8.8 Jul 19

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. Rat

CVE-2021-21893 HIGH POC
8.8 Aug 05

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.0.0.49893. Rat

CVE-2021-21870 HIGH POC
8.8 Aug 05

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.4.37651. Rat

Share

CVE-2021-38567 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy