Foxit Reader 10.1.4.37651
8.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
We previously disclosed this vulnerability to Foxit as being present in Foxit Reader version 10.1.3.37598. The vulnerability was tracked as TALOS-2021-1287 and was assigned CVE-2021-21822. Release notes for Foxit Reader version 10.1.4.37651 purport that this vulnerability was fixed, but closer examination and testing reveal that not to be the case. The details of the vulnerability, as well as the proof-of-concept PDF document demonstrating it, are the same as in our previously published advisory.
2021-05-26 - Vendor Disclosure
2021-07-76 - Public Release
Discovered by Aleksandar Nikolic of Cisco Talos.