Kaspersky ID:
KLA12437
Detection date:
28/01/2022
Updated:
22/01/2024

Description

Multiple vulnerabilities were found in Foxit PDF Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, and gain privileges.

Below is a complete list of vulnerabilities:

  1. Heap buffer overflow vulnerability can be exploited to execute arbitrary code.
  2. NULL pointer dereference vulnerability can be exploited to cause denial of service.
  3. Security bypass vulnerability in iManage 10 plugin’s logging function can be exploited via specially crafted configuration file to obtain sensitive information or cause denial of service.
  4. Use after free vulnerability can be exploited remotely to cause denial of service or execute arbitrary code.
  5. Memory corruption vulnerability in JavaScript can be exploited remotely to cause denial of service.
  6. Out of bounds read/write vulnerability can be exploited remotely via specially crafted files to execute arbitrary code.
  7. Use after free vulnerability can be exploited remotely to execute arbitrary code.
  8. Use after free or out of bounds read vulnerability in JavaScript API can be exploited remotely via specially crafted PDF files to cause denial of service or execute arbitrary code.
  9. Uncontrolled search path element privilege escalation vulnerability can be exploited via specially crafted DLL files to gain privileges.
  10. Stack based buffer overflow vulnerability can be exploited remotely via specially crafted XFA file to cause denial of service.
  11. Array Out-of-Bounds vulnerability can be exploited remotely via specially crafted PDF files to cause denial of service or execute arbitrary code.

Primary source of detection

Related products

CVE list

  • CVE-2021-44708
    critical
  • CVE-2021-44709
    critical
  • CVE-2021-44741
    warning
  • CVE-2021-44740
    warning
  • CVE-2018-1285
    critical
  • CVE-2021-40420
    high
  • CVE-2022-22150
    high
  • CVE-2022-24907
    warning
  • CVE-2022-24363
    high
  • CVE-2022-24366
    high
  • CVE-2022-24908
    warning
  • CVE-2022-24357
    high
  • CVE-2022-24358
    high
  • CVE-2022-24360
    high
  • CVE-2022-24359
    high
  • CVE-2022-24365
    high
  • CVE-2022-24362
    high
  • CVE-2022-24367
    high
  • CVE-2022-24369
    high
  • CVE-2022-24361
    high
  • CVE-2022-24364
    high
  • CVE-2022-24955
    critical
  • CVE-2022-24954
    critical
  • CVE-2022-24368
    warning
  • CVE-2022-24971
    high
  • CVE-2022-25108
    warning
