PT-2021-5315 · Foxit · Foxit Pdf Editor+2

Cor3Sm4Sh3R · Published 2021-08-11 · Updated 2025-08-13 · CVE-2021-34966

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Foxit PhantomPDF versions (affected versions not specified)
Foxit Reader versions (affected versions not specified)
Foxit PDF Editor versions (affected versions not specified)

Description

The issue is related to a buffer overflow when handling annotation objects, which can be exploited by remote attackers to execute arbitrary code using a specially crafted malicious PDF file. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists due to the lack of validation of an object's existence before performing operations on it, allowing an attacker to execute code in the context of the current process.

Recommendations

For Foxit PhantomPDF, update to a version that addresses the buffer overflow issue in annotation object handling.
For Foxit Reader, update to a version that addresses the buffer overflow issue in annotation object handling.
For Foxit PDF Editor, update to a version that addresses the buffer overflow issue in annotation object handling, specifically in the handling of FileAttachment Annotation objects.
As a temporary workaround, consider disabling the handling of annotation objects until a patch is available.
Restrict access to malicious PDF files to minimize the risk of exploitation.

Fix

RCE

Buffer Overflow

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2021-06141
CVE-2021-34966
ZDI-21-1197

Affected Products

Foxit Pdf Editor
Foxit Phantompdf
Foxit Reader