Security updates released for Foxit Reader 10.1.4 and PhantomPDF 10.1.4

Security updates released for Foxit Reader 10.1.4 and PhantomPDF 10.1.4

Hello everyone,

 

Foxit has released Foxit Reader 10.1.4 and Foxit PhantomPDF 10.1.4, which address potential security and stability issues. The vulnerabilities addressed are as follows:

CVE ID
Vulnerability 
Cause 
Impact 
CVE-2021-31461
Application could crash, which could be exploited by attackers to execute remote code. 
This occurs during the implementation of certain functions in JavaScript due to the use of incorrect parameters or objects without proper validation
Denial of Service, Null Pointer Reference, Out-of-Bounds Read, Context Level Bypass, Type Confusion, or Buffer Overflow

CVE-2021-31452

CVE-2021-31473
An application could be exposed to Out-of-Bounds Write/Read Remote Code Execution or Information Disclosure vulnerability and crash when handling certain JavaScripts or XFA forms. 
This occurs due to the use of abnormal data that exceeds the maximum size allocated in parameters without proper validation 
Out-of-Bounds Write/Read Remote Code Execution or Information Disclosure 

CVE-2021-31441

CVE-2021-31450

CVE-2021-31453

CVE-2021-31451

CVE-2021-31455

CVE-2021-31456

CVE-2021-31457

CVE-2021-31458

CVE-2021-31459

CVE-2021-31460

CVE-2021-21822
An application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when handling certain XFA forms or annotation objects.
This occurs due to the use or access of the objects that have been released or deleted
Use-after-Free Remote Code Execution 
CVE-2021-31454
An application could crash, which could be exploited by attackers to execute remote code or disclose sensitive information.
This occurs due to the logic error or improper handling of elements when working with certain PDF files that define excessively large value in the file attribute or contain negative leadDigits value in the file attribute 
Out-of-Bounds Read or Heap-based Buffer Overflow 


To know in detail about the vulnerabilities patched, visit Foxit's security bulletin.

To install these updates using Desktop Central, initiate a sync between the Central Patch Repository and the Desktop Central server. Once the sync is complete, search for the following Patch IDs or Bulletin ID and deploy them to your target systems.

Patch ID
Bulletin ID
Patch Description
319466
TU-540
Foxit PhantomPDF 10 (EXE) (10.1.4.37651)
319467
TU-540
Foxit PhantomPDF 10 (ML) (EXE) (10.1.4.37651)
319468
TU-540
Foxit PhantomPDF 10 (ML) (MSI) (10.1.4.37651)
319469
TU-540
Foxit PhantomPDF 10 (MSI) (10.1.4.37651)
319470
TU-023
Foxit Reader (10.1.4.37651)
319471
TU-023
Foxit Reader (ML) (10.1.4.37651)
319472
TU-120
Foxit Reader Enterprise (10.1.4.37651)
319473
TU-120
Foxit Reader Enterprise (ML) (10.1.4.37651)

Cheers,

The ManageEngine Team