Login Sign Up

CVE-2021-34973

5.5 MEDIUM

📋 TL;DR

CVE-2021-34973 is a use-after-free vulnerability in Foxit PDF Reader's PDF file parsing that allows attackers to disclose sensitive information. Users who open malicious PDF files or visit malicious web pages are affected. This vulnerability can be combined with other exploits to potentially execute arbitrary code.

💻 Affected Systems

Products:
  • Foxit PDF Reader
Versions: Versions prior to 11.1.0.52543
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: User interaction required - victim must open malicious PDF or visit malicious webpage

📦 What is this software?

Pdf Editor by Foxit

View all CVEs affecting Pdf Editor →

Pdf Editor by Foxit

View all CVEs affecting Pdf Editor →

Pdf Editor by Foxit

View all CVEs affecting Pdf Editor →

Pdf Reader by Foxit

View all CVEs affecting Pdf Reader →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers combine this information disclosure vulnerability with other exploits to achieve remote code execution, potentially compromising the entire system.

🟠

Likely Case

Sensitive information from memory is disclosed, which could include credentials, session data, or other confidential information.

🟢

If Mitigated

With proper controls, only limited information disclosure occurs without code execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires user interaction and combination with other vulnerabilities for full exploitation

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.1.0.52543 and later

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Download latest version from Foxit website 2. Run installer 3. Restart system 4. Verify version is 11.1.0.52543 or higher

🔧 Temporary Workarounds

Disable JavaScript in PDF Reader

windows

Prevents malicious JavaScript execution in PDF files

Open Foxit Reader > File > Preferences > JavaScript > Uncheck 'Enable JavaScript'

Use Protected View

windows

Open PDFs in sandboxed protected view mode

Open Foxit Reader > File > Preferences > General > Check 'Open documents in Protected View'

🧯 If You Can't Patch

  • Block PDF files from untrusted sources at network perimeter
  • Use alternative PDF reader software temporarily

🔍 How to Verify

Check if Vulnerable:

Check Foxit Reader version in Help > About

Check Version:

wmic product where name="Foxit Reader" get version

Verify Fix Applied:

Verify version is 11.1.0.52543 or higher in Help > About

📡 Detection & Monitoring

Log Indicators:

  • Multiple PDF parsing errors in application logs
  • Unexpected memory access patterns

Network Indicators:

  • Downloads of PDF files from suspicious sources
  • Outbound connections after PDF opening

SIEM Query:

source="foxit_reader.log" AND (event="memory_access_violation" OR event="pdf_parse_error")

📊 Metadata

CVE ID: CVE-2021-34973
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE: CWE-416
Published: May 7, 2024
Last Updated: August 13, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-34973, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)