HomePentest-Tools.com Logo

Foxit Reader Multiple Vulnerabilities January-01 2023 CVE-2022-47881CVE-2022-25641CVE-2022-30557CVE-2022-28670CVE-2022-28669CVE-2022-28671CVE-2022-28672CVE-2022-28673CVE-2022-28675CVE-2022-28676CVE-2022-28674CVE-2022-28678CVE-2022-28680CVE-2022-28679CVE-2022-28677CVE-2022-28681CVE-2022-28683CVE-2022-28682

Severity
CVSSv3 Score
6.5
Vulnerability description

Foxit Reader is prone to multiple vulnerabilities.

Risk description

Multiple flaws exist due to, - The use of null pointer without proper validation as the application fails to get the CF dictionary when handling certain encrypted PDFs with abnormal encryption dictionary. - The parsing error as the parsing engine fails to use the cross-reference information correctly when parsing certain compressed objects. - The improper compiling for an Unsigned32 result in the V8 JavaScript Engine. - Out-of-Bounds Read Information Disclosure or Use-After-Free Remote Code Execution vulnerabilities. - The use of object that has been freed as the application fails to update the copy of the pointer after a page is deleted when executing the deletePages method. - The application fails to properly validate the allocation boundaries for objects when handling certain JavaScripts. Successful exploitation allow attackers to conduct arbitrary code execution.

Recommendation

Upgrade to Foxit PhantomPDF 11.2.2 or later. Please see the references for more information.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Aug 29, 2022
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available