==================================================================== CERT-Renater Note d'Information No. 2021/VULN170 _____________________________________________________________________ DATE : 22/03/2021 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Foxit Reader, Foxit PhantomPDF versions prior to 10.1.3. . ===================================================================== https://www.foxitsoftware.com/support/security-bulletins.html _____________________________________________________________________ Security updates available in Foxit Reader 10.1.3 and Foxit PhantomPDF 10.1.3 Release date: March 22, 2021 Platform: Windows Summary Foxit has released Foxit Reader 10.1.3 and Foxit PhantomPDF 10.1.3, which address potential security and stability issues. Affected versions Product Affected versions Platform Foxit Reader 10.1.1.37576 and earlier Windows Foxit PhantomPDF 10.1.1.37576 and earlier Windows Solution Update your applications to the latest versions by following one of the methods below. From the “Help” tab of Foxit Reader or Foxit PhantomPDF, click on “Check for Updates” and update to the latest version. Click here to download the updated version of Foxit Reader from our website. Click here to download the updated version of Foxit PhantomPDF from our website. Vulnerability details Brief Acknowledgement Addressed a potential issue where the application could be exposed to Out-of-Bounds Read vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs due to the improper release of resources when parsing certain JPEG2000 files (ZDI-CAN-12230). ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================