Multiple vulnerabilities in Foxit PDF Reader

Описание

Multiple vulnerabilities were found in Foxit Reader. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. Out of bounds read vulnerability in AcroForm can be exploited to obtain sensitive information.
2. Use after free vulnerability in JavaScript engine can be exploited to cause denial of service or execute arbitrary code.
3. Use after free vulnerability in Annotation can be exploited to execute arbitrary code.
4. Type confusion vulnerability in Javascript checkThisBox method can be exploited to cause denial of service and execute arbitrary code.
5. Use after free vulnerability in AcroForm Doc Object can be exploited to execute arbitrary code.
6. Out of bounds read vulnerability in AcroForm signature can be exploited to execute arbitrary code.
7. Out of bounds read vulnerability in PDF File Parsing can be exploited to obtain sensitive information.
8. Out of bounds write vulnerability in AcroForm Doc Object can be exploited to execute arbitrary code.
9. Use after free vulnerability in Annotation can be exploited to obtain sensitive information.
10. Use after free vulnerability in XFA Annotation can be exploited to execute arbitrary code.
11. Out of bounds read vulnerability in Doc Object can be exploited to obtain sensitive information.
12. Out of bounds read vulnerability in AcroForm Doc Object can be exploited to obtain sensitive information.

Первичный источник обнаружения

• Security updates available in Foxit PDF Reader 12.1.3 and Foxit PDF Editor 12.1.3
  

Связанные продукты

• Foxit-Reader
• Foxit-Reader-Enterprise

Список CVE

• CVE-2023-38115
  warning
• CVE-2023-28744
  critical
• CVE-2023-38111
  critical
• CVE-2023-32664
  critical
• CVE-2023-33866
  critical
• CVE-2023-38117
  critical
• CVE-2023-33876
  critical
• CVE-2023-38119
  critical
• CVE-2023-38106
  warning
• CVE-2023-38118
  critical
• CVE-2023-38113
  warning
• CVE-2023-38114
  critical
• CVE-2023-27379
  critical
• CVE-2023-38112
  critical
• CVE-2023-38116
  warning
• CVE-2023-38105
  warning
• CVE-2023-38110
  warning
• CVE-2023-38108
  warning
• CVE-2023-38109
  warning
• CVE-2023-38107
  critical

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com