Description
Multiple vulnerabilities were found in Foxit PDF Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, and gain privileges.
Below is a complete list of vulnerabilities:
- Heap buffer overflow vulnerability can be exploited to execute arbitrary code.
- NULL pointer dereference vulnerability can be exploited to cause denial of service.
- Security bypass vulnerability in iManage 10 plugin’s logging function can be exploited via specially crafted configuration file to obtain sensitive information or cause denial of service.
- Use-after-free vulnerability can be exploited remotely to cause denial of service or execute arbitrary code.
- Memory corruption vulnerability in JavaScript can be exploited remotely to cause denial of service.
- Out-of-bounds read/write vulnerability can be exploited remotely via specially crafted files to execute arbitrary code.
- Use-after-free vulnerability can be exploited remotely to execute arbitrary code.
- Use-after-free or out-of-bounds read vulnerability in JavaScript API can be exploited remotely via specially crafted PDF files to cause denial of service or execute arbitrary code.
- Uncontrolled search path element privilege escalation vulnerability can be exploited via specially crafted DLL files to gain privileges.
- Stack-based buffer overflow vulnerability can be exploited remotely via specially crafted XFA file to cause denial of service.
- Array out-of-bounds vulnerability can be exploited remotely via specially crafted PDF files to cause denial of service or execute arbitrary code.
Original advisories
Related products
CVE list
- CVE-2021-44708 critical
- CVE-2021-44709 critical
- CVE-2021-44741 high
- CVE-2021-44740 high
- CVE-2018-1285 critical
- CVE-2021-40420 critical
- CVE-2022-22150 critical
- CVE-2022-24907 critical
- CVE-2022-24363 critical
- CVE-2022-24366 critical
- CVE-2022-24908 critical
- CVE-2022-24357 critical
- CVE-2022-24358 critical
- CVE-2022-24360 critical
- CVE-2022-24359 critical
- CVE-2022-24365 critical
- CVE-2022-24362 critical
- CVE-2022-24367 critical
- CVE-2022-24369 critical
- CVE-2022-24361 critical
- CVE-2022-24364 critical
- CVE-2022-24955 critical
- CVE-2022-24954 critical
- CVE-2022-24368 high
- CVE-2022-24971 critical
- CVE-2022-25108 high