CVE-2021-21870

Name of the Vulnerable Software and Affected Versions Foxit Software’s PDF Reader version 10.1.4.37651

Description A use-after-free issue exists in the JavaScript engine of Foxit Software’s PDF Reader. This can be triggered by a specially crafted PDF document, leading to the reuse of previously free memory, which can result in arbitrary code execution. An attacker needs to trick the user into opening a malicious file or site to trigger this issue if the browser plugin extension is enabled.

Recommendations For version 10.1.4.37651, consider disabling the browser plugin extension as a temporary workaround until a patch is available. Restrict access to potentially malicious PDF documents to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.