CVE-2021-38567
📋 TL;DR
This vulnerability in Foxit PDF software on macOS allows an attacker to cause a crash via a NULL pointer dereference: a crafted PDF file whose dictionaries lack expected entries is mishandled by the parser. It affects users of Foxit PDF Editor and Foxit PDF Reader on macOS before version 11.0.1. The issue leads to denial of service and could potentially be leveraged for further exploitation.
💻 Affected Systems
- Foxit PDF Editor
- Foxit PDF Reader
📦 What is this software?
PDF Editor and PDF Reader by Foxit Software
⚠️ Risk & Real-World Impact
Worst Case
Application crash leading to denial of service, potential memory corruption that could be leveraged for arbitrary code execution if combined with other vulnerabilities.
Likely Case
Application crash when processing malicious PDF files, causing denial of service and potential data loss from unsaved work.
If Mitigated
Application crash with no further impact if proper sandboxing and memory protections are in place.
🎯 Exploit Status
Requires user to open a malicious PDF file. No public exploit code has been disclosed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 11.0.1
Vendor Advisory: https://www.foxitsoftware.com/support/security-bulletins.php
Restart Required: Yes
Instructions:
1. Open Foxit PDF Editor/Reader.
2. Go to Help > Check for Updates.
3. Follow the prompts to update to version 11.0.1 or later.
4. Restart the application after the update completes.
🔧 Temporary Workarounds
Disable PDF opening in Foxit
macOS: Change the default PDF handler to another application so that PDF files are not opened automatically by a vulnerable Foxit version.
Right-click any PDF file > Get Info > Open with > Select alternative PDF reader > Change All
Restrict PDF file sources
All platforms: Implement policies that only allow PDFs from trusted sources.
🧯 If You Can't Patch
- Use alternative PDF software for opening untrusted PDF files
- Implement application whitelisting to block execution of vulnerable Foxit versions
🔍 How to Verify
Check if Vulnerable:
Check the Foxit version: Open Foxit > Help > About Foxit PDF Editor/Reader. If the version is below 11.0.1, the system is vulnerable.
Check Version:
Open Foxit application and navigate to Help > About Foxit PDF Editor/Reader
Verify Fix Applied:
Verify that the version shown in the About dialog is 11.0.1 or higher. Test opening various PDF files to ensure stability.
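The version check above, scripted so it can be run across a fleet, as an added example that is not from the advisory or from Foxit: it reads CFBundleShortVersionString from each app bundle's Info.plist and compares it with the fixed release 11.0.1. The bundle paths under /Applications are assumed typical install locations and are not stated on the page.

```shell
#!/bin/sh
# Added example, not from the advisory: scripted form of the "Check Version"
# step. Reads the installed Foxit version from the app bundle's Info.plist
# and compares it with the fixed release 11.0.1.
# ASSUMPTION: the bundle paths in main() are typical locations, not from the page.

FIXED_VERSION="11.0.1"

# version_lt A B: exit 0 when dot-separated version A is older than B.
# Missing components count as 0, so "11" < "11.0.1" and "11.0.1" == "11.0.1.0".
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i in x) ? x[i] + 0 : 0
            yi = (i in y) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1   # equal: not older
    }'
}

# is_vulnerable VERSION: exit 0 when VERSION is below the patched release.
is_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# installed_version BUNDLE_PATH: print CFBundleShortVersionString of an app
# bundle (macOS only; fails quietly when the bundle or `defaults` is absent).
installed_version() {
    defaults read "$1/Contents/Info" CFBundleShortVersionString 2>/dev/null
}

# check_bundle BUNDLE_PATH: print one status line for the bundle.
check_bundle() {
    ver=$(installed_version "$1") || { echo "$1: not installed"; return 0; }
    if is_vulnerable "$ver"; then
        echo "$1: $ver is VULNERABLE (below $FIXED_VERSION); update via Help > Check for Updates"
    else
        echo "$1: $ver is patched"
    fi
}

main() {
    # ASSUMED default install locations; adjust for your environment.
    check_bundle "/Applications/Foxit PDF Reader.app"
    check_bundle "/Applications/Foxit PDF Editor.app"
}

main
```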
📡 Detection & Monitoring
Log Indicators:
- Application crash logs from Foxit processes
- Error messages related to NULL pointer dereference
- Unexpected termination of Foxit processes
Network Indicators:
- Unusual PDF file downloads followed by application crashes
SIEM Query:
source="*foxit*" AND (event_type="crash" OR error="*NULL*" OR error="*dereference*")