CVE-2021-38569

7.5 HIGH

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4

Published: 2021-08-11 · Last updated: 2026-06-17

Severity and scoring

CVSS: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-674

Affected products

Vendor	Product
foxitsoftware	foxit_reader, phantompdf

Description

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-38569
[Vendor advisory]https://www.foxitsoftware.com/support/security-bulletins.php
[Vendor advisory]https://www.foxitsoftware.com/support/security-bulletins.php

Related CVEs

Same vendor

CVE-2021-38574 — An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4 (9.8 CRITICAL)
CVE-2021-38573 — An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4 (9.8 CRITICAL)
CVE-2021-38572 — An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4 (9.8 CRITICAL)
CVE-2021-38571 — An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4 (7.8 HIGH)
CVE-2021-38570 — An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4 (9.1 CRITICAL)

Same CWE

CVE-2025-7010 — Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a malformed PDF file may allow Denial-of-Serv... (5.5 MEDIUM)
CVE-2025-7005 — Uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the anti... (5.5 MEDIUM)
CVE-2026-4870 — IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontr... (7.5 HIGH)
CVE-2026-48734 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
CVE-2026-46557 — ImageMagick is free and open-source software used for editing and manipulating digital images (6.2 MEDIUM)