CVE-2021-21831: 
Foxit PDF Reader vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2021-21831) was discovered in the JavaScript engine of Foxit Software's PDF Reader version 10.1.3.37598. The vulnerability was discovered by Aleksandar Nikolic of Cisco Talos and publicly disclosed on July 27, 2021, following the initial vendor disclosure on April 28, 2021 (Talos Report).

The vulnerability exists in the way Foxit Reader handles removal of fields from a page through the removeField method. When called with an empty string argument, the method incorrectly handles UTF8 string conversion, leading to removal of all fields in a document contrary to specifications. This behavior has significant side effects when executed inside an event handler, resulting in a use-after-free condition. The vulnerability has been assigned a CVSS v3.0 score of 8.8 (HIGH) with the vector string CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H and is classified as CWE-416 (Use After Free) (Talos Report).

If successfully exploited, this vulnerability could lead to arbitrary code execution on the victim's machine. The vulnerability affects both standalone PDF viewing and browser plugin scenarios, potentially allowing attackers to execute malicious code with the same privileges as the affected application (Talos Report).

Users are advised to update to Foxit Reader version 11.0.0.49893 or later, which contains fixes for this vulnerability. The fix was released as part of a security update addressing multiple vulnerabilities in the product (Talos Report).