CVE ID: CVE-2021-31443
CVSS Score: 3.3 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
Affected Vendors: Foxit
Affected Products: Reader

Vulnerability Details:
- Remote attackers can disclose sensitive information on affected installations of Foxit Reader.
- The flaw is due to improper validation of user-supplied data in handling U3D objects in PDF files, causing out-of-bounds reads.
- It can be exploited to execute arbitrary code if combined with other vulnerabilities.

Additional Details:
Vendor has issued an update. More at: https://www.foxitsoftware.com/support/security-bulletins.php

Disclosure Timeline:
- 2021-02-10: Vulnerability reported to vendor
- 2021-05-07: Coordination of public release of advisory
- 2021-05-07: Advisory updated

Credit: Mat Powell of Trend Micro Zero Day Initiative