CVE-2022-25641 - OpenCVE

Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Foxit	Phantompdf Pdf Reader Pdf Editor
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_reader::::::::
	cpe:2.3:a:foxit:phantompdf::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.foxit.com/support/security-bulletins.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-08-29T04:53:44

Updated: 2022-08-29T04:53:44

Reserved: 2022-02-22T00:00:00

Link: CVE-2022-25641

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-29T05:15:08.213

Modified: 2022-09-02T16:26:39.857

Link: CVE-2022-25641

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "79246670-EA2A-4425-8F7B-22FE543CB6AA", "versionEndExcluding": "11.2.2", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*", "matchCriteriaId": "62C14FC2-9F3B-43B8-9C6C-396C68F4CD8A", "versionEndExcluding": "11.2.2", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:phantompdf:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B57B986-46BB-446A-BE59-A762AE51F6C9", "versionEndExcluding": "10.1.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack."}, {"lang": "es", "value": "Foxit PDF Reader versiones anteriores a 11.2.2 y PDF Editor versiones anteriores a 11.2.2, y PhantomPDF versiones anteriores a 10.1.8, manejan inapropiadamente la informaci\u00f3n de referencias cruzadas durante el an\u00e1lisis de objetos comprimidos dentro de los documentos firmados. Esto conlleva a una entrega de informaci\u00f3n de firma incorrecta por medio de un Ataque de Guardado Incremental y un Ataque de Sombra"}], "id": "CVE-2022-25641", "lastModified": "2022-09-02T16:26:39.857", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-29T05:15:08.213", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.foxit.com/support/security-bulletins.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}