Foxit Patches Several Code-Execution Vulnerabilities in PDF Reader
November 14, 2022
The Foxit PDF document viewer has been updated to address a number of use-after-free security vulnerabilities that might be exploited to execute arbitrary code.
To exploit these vulnerabilities, an attacker must persuade a victim to open a malicious file.
The Vulnerabilities
- CVE-2022-32774, CVE-2022-38097, CVE-2022-37332, CVE-2022-40129 (CVSS 3.1: 8.8, High Severity) – use-after-free vulnerabilities. Successful exploitation of these vulnerabilities may lead to arbitrary code execution and memory leak attacks.
Affected Products
- Foxit PDF Reader / Foxit 12.0.1.12430 and earlier.
- Foxit PDF Editor / Foxit PhantomPDF 12.0.1.12430, 12.0.0.12394, 11.2.3.53593 and all previous 11.x versions, 10.1.9.37808 and earlier.
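To check a software inventory against the ranges listed above, the following added example (not part of the original advisory or any Foxit tooling) flags installed builds that fall inside them. The product keys "reader" and "editor", the hostnames and the sample inventory are constructed, and builds above a listed ceiling are only reported as "not listed" because the advisory does not name the fixed builds.

```python
# Added example. Ceilings are copied from the "Affected Products" list above.
# Assumption: builds above a branch's listed ceiling are reported as
# "not listed"; the advisory does not name the fixed builds.
READER_CEILING = (12, 0, 1, 12430)
EDITOR_CEILINGS = {12: (12, 0, 1, 12430), 11: (11, 2, 3, 53593)}
EDITOR_LEGACY_CEILING = (10, 1, 9, 37808)  # "10.1.9.37808 and earlier"


def parse_version(text):
    """Parse 'major.minor.patch.build' into a tuple of four ints."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four numeric fields: {text!r}")
    return tuple(int(p) for p in parts)  # int() raises ValueError on junk


def is_affected(product, version):
    """True if the version falls inside a range the advisory lists."""
    v = parse_version(version)
    if product == "reader":
        return v <= READER_CEILING
    if product == "editor":
        if v[0] <= 10:
            return v <= EDITOR_LEGACY_CEILING
        ceiling = EDITOR_CEILINGS.get(v[0])
        return ceiling is not None and v <= ceiling
    raise ValueError(f"unknown product: {product!r}")


def triage(inventory):
    """Label each (host, product, version) row; bad rows go to manual review."""
    results = []
    for host, product, version in inventory:
        try:
            status = "affected" if is_affected(product, version) else "not listed"
        except ValueError:
            status = "manual review"
        results.append((host, product, version, status))
    return results


# Constructed inventory; hostnames and the non-advisory versions are made up.
SAMPLE_INVENTORY = [
    ("ws-01", "reader", "12.0.1.12430"),
    ("ws-02", "editor", "11.0.0.1"),
    ("ws-03", "editor", "11.2.4.0"),
    ("ws-04", "reader", "12.0"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(*row, sep="\t")
```

Rows whose version string cannot be parsed are marked for manual review instead of being treated as unaffected.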
Mitigation
CYREBRO recommends that users update their software installations to the latest versions.
References: Foxit Advisory