Three of the vulnerabilities addressed by Foxit were identified by Cisco Talos researchers, all three leading to arbitrary code execution.

Tracked as CVE-2021-21831, CVE-2021-21870, and CVE-2021-21893, the bugs carry CVSS severity score of 8.8. Due to the manner in which certain JavaScript code or annotation objects are handled, a maliciously crafted PDF file may lead to the reuse of previously free memory and arbitrary code execution.