Multiple vulnerabilities in Foxit Reader

Описание

Multiple vulnerabilities were found in Foxit Reader. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, bypass security restrictions, execute arbitrary code, gain privileges.

Below is a complete list of vulnerabilities:

1. Denial of service vulnerability can be exploited remotely to cause denial of service.
2. Out-Of-Bounds Read vulnerability in JP2 File Parsing can be exploited remotely to bypass security restrictions and obtain sensitive information
3. Out-Of-Bounds Read vulnerability in PRC File Parsing can be exploited remotely to execute arbitrary code
4. Out-Of-Bounds Read vulnerability in PRC File Parsing can be exploited remotely to bypass security restrictions and obtain sensitive information
5. An elevation of privilege vulnerability in Foxit PDF Reader Update Service can be exploited remotely to gain privileges.
6. Out-Of-Bounds Read vulnerability when executing JavaScripts embedded in certain PDF files can be exploited remotely to obtain sensitive information.
7. Use After Free vulnerability when executing JavaScripts embedded in certain PDF files can be exploited remotely to execute arbitrary code.
8. Improper Verification of Cryptographic Signature vulnerability in handling signed document that contain JavaScript can be exploited remotely to bypass security restrictions.
9. Use After Free vulnerability when executing JavaScripts embedded in certain PDF files can be exploited remotely to obtain sensitive information.
10. Download of Code Without Integrity Check vulnerability in Start Page can be exploited remotely to obtain sensitive information.
11. NULL Pointer Dereference vulnerability when executing JavaScripts embedded in certain PDF files can be exploited remotely to execute arbitrary code.
12. Out-of-bounds Read vulnerability when executing JavaScripts embedded in certain PDF files can be exploited remotely to execute arbitrary code.

Первичный источник обнаружения

• Foxit Security Bulletins
  

Связанные продукты

• Foxit-Reader
• Foxit-Reader-Enterprise

Список CVE

• CVE-2025-32451
  critical
• CVE-2025-9323
  high
• CVE-2025-9324
  high
• CVE-2025-9325
  high
• CVE-2025-9326
  critical
• CVE-2025-9327
  high
• CVE-2025-9328
  critical
• CVE-2025-9329
  critical
• CVE-2025-9330
  critical
• CVE-2025-55307
  unknown
• CVE-2025-55314
  unknown
• CVE-2025-55311
  unknown
• CVE-2025-55308
  unknown
• CVE-2025-55310
  unknown
• CVE-2025-55313
  unknown
• CVE-2025-55312
  unknown
• CVE-2025-55309
  unknown

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com