Login Sign Up

CVE-2021-34970

5.5 MEDIUM

📋 TL;DR

This is a format string vulnerability in Foxit PDF Reader's print method that allows information disclosure. Attackers can exploit it by tricking users into opening malicious PDF files or visiting malicious web pages. The vulnerability affects users of Foxit PDF Reader who open untrusted documents.

💻 Affected Systems

Products:
  • Foxit PDF Reader
Versions: Versions prior to 11.0.1
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: User interaction required - victim must open malicious PDF or visit malicious webpage

📦 What is this software?

Pdf Editor by Foxit

View all CVEs affecting Pdf Editor →

Pdf Editor by Foxit

View all CVEs affecting Pdf Editor →

Pdf Editor by Foxit

View all CVEs affecting Pdf Editor →

Pdf Reader by Foxit

View all CVEs affecting Pdf Reader →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could combine this information disclosure vulnerability with other exploits to achieve arbitrary code execution in the context of the current user, potentially leading to full system compromise.

🟠

Likely Case

Remote attackers disclose sensitive memory information from the Foxit PDF Reader process, which could include pointers, stack data, or other information useful for further exploitation.

🟢

If Mitigated

With proper controls, the impact is limited to information disclosure only, preventing escalation to code execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction and likely needs to be combined with other vulnerabilities for full exploitation

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.0.1 and later

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Open Foxit PDF Reader
2. Go to Help > Check for Updates
3. Follow prompts to update to version 11.0.1 or later
4. Restart the application

🔧 Temporary Workarounds

Disable JavaScript in Foxit Reader

windows

Prevents malicious PDFs from executing JavaScript that could trigger the vulnerability

1. Open Foxit Reader
2. Go to File > Preferences
3. Select JavaScript
4. Uncheck 'Enable JavaScript'
5. Click OK

Use Alternative PDF Reader

all

Temporarily use a different PDF reader while waiting for patching

🧯 If You Can't Patch

  • Restrict user permissions to limit potential damage from exploitation
  • Implement application whitelisting to prevent unauthorized PDF readers

🔍 How to Verify

Check if Vulnerable:

Check Foxit Reader version: Open Foxit Reader > Help > About Foxit Reader

Check Version:

Not applicable - check via GUI as described

Verify Fix Applied:

Verify version is 11.0.1 or higher in Help > About Foxit Reader

📡 Detection & Monitoring

Log Indicators:

  • Unusual Foxit Reader process crashes
  • Multiple print method calls from single PDF

Network Indicators:

  • Downloads of PDF files from untrusted sources
  • Network connections initiated by Foxit Reader to suspicious domains

SIEM Query:

Process:foxitreader.exe AND (EventID:1000 OR EventID:1001) OR FileExtension:pdf AND SourceIP:(suspicious_ips)

📊 Metadata

CVE ID: CVE-2021-34970
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE: CWE-134
Published: May 7, 2024
Last Updated: August 13, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-34970, you might also want to check these:

CVE-2021-41193 9.8

CVE-2021-41193 is a remote format string vulnerability in wire-avs, the audio visual signaling compo...

Same vulnerability type (CWE-134)
CVE-2021-42911 9.8

This is a critical format string vulnerability in DrayTek router firmware that allows remote attacke...

Same vulnerability type (CWE-134)
CVE-2023-5746 9.8

A format string vulnerability in Synology camera firmware allows remote attackers to execute arbitra...

Same vulnerability type (CWE-134)