Kaspersky ID:
KLA12437
Detection date:
28/01/2022
Updated:
31/03/2025

Description

Multiple vulnerabilities were found in Foxit PDF Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, and gain privileges.

Below is a complete list of vulnerabilities:

  1. A heap buffer overflow vulnerability can be exploited to execute arbitrary code.
  2. A NULL pointer dereference vulnerability can be exploited to cause denial of service.
  3. A security bypass vulnerability in the iManage 10 plugin's logging function can be exploited via a specially crafted configuration file to obtain sensitive information or cause denial of service.
  4. A use-after-free vulnerability can be exploited remotely to cause denial of service or execute arbitrary code.
  5. A memory corruption vulnerability in JavaScript can be exploited remotely to cause denial of service.
  6. An out-of-bounds read/write vulnerability can be exploited remotely via specially crafted files to execute arbitrary code.
  7. A use-after-free vulnerability can be exploited remotely to execute arbitrary code.
  8. A use-after-free or out-of-bounds read vulnerability in the JavaScript API can be exploited remotely via specially crafted PDF files to cause denial of service or execute arbitrary code.
  9. An uncontrolled search path element privilege escalation vulnerability can be exploited via specially crafted DLL files to gain privileges.
  10. A stack-based buffer overflow vulnerability can be exploited remotely via a specially crafted XFA file to cause denial of service.
  11. An array out-of-bounds vulnerability can be exploited remotely via specially crafted PDF files to cause denial of service or execute arbitrary code.

Original advisories

Related products

CVE list

  • CVE-2021-44708
    critical
  • CVE-2021-44709
    critical
  • CVE-2021-44741
    high
  • CVE-2021-44740
    high
  • CVE-2018-1285
    critical
  • CVE-2021-40420
    critical
  • CVE-2022-22150
    critical
  • CVE-2022-24907
    critical
  • CVE-2022-24363
    critical
  • CVE-2022-24366
    critical
  • CVE-2022-24908
    critical
  • CVE-2022-24357
    critical
  • CVE-2022-24358
    critical
  • CVE-2022-24360
    critical
  • CVE-2022-24359
    critical
  • CVE-2022-24365
    critical
  • CVE-2022-24362
    critical
  • CVE-2022-24367
    critical
  • CVE-2022-24369
    critical
  • CVE-2022-24361
    critical
  • CVE-2022-24364
    critical
  • CVE-2022-24955
    critical
  • CVE-2022-24954
    critical
  • CVE-2022-24368
    high
  • CVE-2022-24971
    critical
  • CVE-2022-25108
    high
