CVE-2022-25641

Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
foxitpdf_editor
11.0 ≤
𝑥
< 11.2.2
foxitpdf_reader
11.0 ≤
𝑥
< 11.2.2
foxitphantompdf
𝑥
< 10.1.8
𝑥
= Vulnerable software versions
References
https://www.foxit.com/support/security-bulletins.html
https://www.foxit.com/support/security-bulletins.html