QSearchQSearch

CVE-2021-38563

9.8 CRITICAL

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1

Published: 2021-08-11 · Last updated: 2026-06-17

Severity and scoring

CVSS
9.8 CRITICAL
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-129

Affected products

VendorProduct
foxitpdf_editor, pdf_reader
foxitsoftwarepdf_editor, pdf_reader

Description

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It mishandles situations in which an array size (derived from a /Size entry) is smaller than the maximum indirect object number, and thus there is an attempted incorrect array access (leading to a NULL pointer dereference, or out-of-bounds read or write).

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-12057 When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfac... (8.6 HIGH)
  • CVE-2021-38574 An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4 (9.8 CRITICAL)
  • CVE-2021-38573 An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4 (9.8 CRITICAL)
  • CVE-2021-38572 An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4 (9.8 CRITICAL)
  • CVE-2021-38571 An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4 (7.8 HIGH)

Same CWE

  • CVE-2026-45624 ImageMagick is free and open-source software used for editing and manipulating digital images (5.1 MEDIUM)
  • CVE-2026-45359 ImageMagick is free and open-source software used for editing and manipulating digital images (5.7 MEDIUM)
  • CVE-2026-24181 NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation (7.3 HIGH)
  • CVE-2026-25276 Memory corruption while using Strongbox due to missing bounds check (8.8 HIGH)
  • CVE-2026-46163 In the Linux kernel, the following vulnerability has been resolved: wifi: b43legacy: enforce bounds check on firmware key index in RX pa... (7.8 HIGH)