November 14, 2022
Foxit Patches Several Code-Execution Vulnerabilities in PDF Reader
The Foxit PDF document viewer has been updated to address a number of use-after-free security vulnerabilities that might be exploited to execute arbitrary code.
To exploit these vulnerabilities, an attacker must persuade a victim to open a malicious file.
- CVE-2022-32774, CVE-2022-38097, CVE-2022-37332, CVE-2022-40129 (CVSS 3.1: 8.8, High Severity) – use-after-free vulnerabilities. Successful exploitation of these vulnerabilities may lead to arbitrary code execution and memory leak attacks.
Affected products:
- Foxit PDF Reader / Foxit 188.8.131.5230 and earlier.
- Foxit PDF Editor / Foxit PhantomPDF 184.108.40.20630, 220.127.116.1194, 18.104.22.168593 and all previous 11.x versions, 10.1.9.37808 and earlier.
CYREBRO recommends that users update their software installations to the latest versions.
References: Foxit Advisory