Multiple vulnerabilities in Foxit PDF Reader

Описание

Multiple vulnerabilities were found in Foxit Reader. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. Out of bounds read vulnerability in AcroForm can be exploited to obtain sensitive information.
2. Use after free vulnerability in JavaScript engine can be exploited to cause denial of service or execute arbitrary code.
3. Use after free vulnerability in Annotation can be exploited to execute arbitrary code.
4. Type confusion vulnerability in Javascript checkThisBox method can be exploited to cause denial of service and execute arbitrary code.
5. Use after free vulnerability in AcroForm Doc Object can be exploited to execute arbitrary code.
6. Out of bounds read vulnerability in AcroForm signature can be exploited to execute arbitrary code.
7. Out of bounds read vulnerability in PDF File Parsing can be exploited to obtain sensitive information.
8. Out of bounds write vulnerability in AcroForm Doc Object can be exploited to execute arbitrary code.
9. Use after free vulnerability in Annotation can be exploited to obtain sensitive information.
10. Use after free vulnerability in XFA Annotation can be exploited to execute arbitrary code.
11. Out of bounds read vulnerability in Doc Object can be exploited to obtain sensitive information.
12. Out of bounds read vulnerability in AcroForm Doc Object can be exploited to obtain sensitive information.

Первичный источник обнаружения

• Security updates available in Foxit PDF Reader 12.1.3 and Foxit PDF Editor 12.1.3
  

Связанные продукты

• Foxit-Reader
• Foxit-Reader-Enterprise

Список CVE

• CVE-2023-38115
  unknown
• CVE-2023-28744
  critical
• CVE-2023-38111
  unknown
• CVE-2023-32664
  critical
• CVE-2023-33866
  critical
• CVE-2023-38117
  unknown
• CVE-2023-33876
  critical
• CVE-2023-38119
  unknown
• CVE-2023-38106
  unknown
• CVE-2023-38118
  unknown
• CVE-2023-38113
  unknown
• CVE-2023-38114
  unknown
• CVE-2023-27379
  critical
• CVE-2023-38112
  unknown
• CVE-2023-38116
  unknown
• CVE-2023-38105
  unknown
• CVE-2023-38110
  unknown
• CVE-2023-38108
  unknown
• CVE-2023-38109
  unknown
• CVE-2023-38107
  unknown

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com