Vulnerability Details CVE-2021-21822
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening a malicious file or site to trigger this vulnerability if the browser plugin extension is enabled.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.086
EPSS Ranking 91.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
Products affected by CVE-2021-21822
-
cpe:2.3:a:foxitsoftware:foxit_reader:10.1.3.37598