CVE-2021-34970

LOW Year: 2021
CVSS v3 Score
3.3
Low
Weakness Type
CWE-134
View all →

Vulnerability Description

Foxit PDF Reader print Method Use of Externally-Controlled Format String Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the print method. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14849.

Related Vulnerabilities

CVE-2019-14410

LOW
CVSS:3.3(Low)

Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472).

CWE-1342019

CVE-2019-14412

LOW
CVSS:3.3(Low)

Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474).

CWE-1342019

CVE-2020-16142

LOW
CVSS:3.5(Low)

On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software.

CWE-1342020

CVE-2022-3023

MEDIUM
CVSS:4.2(Medium)

Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3.

CWE-1342022

CVE-2017-5524

MEDIUM
CVSS:4.3(Medium)

Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.

CWE-1342017

CVE-2017-7519

MEDIUM
CVSS:4.4(Medium)

In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library.

CWE-1342017