CVE-2022-25641: Foxit PDF Reader and Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information when compressing objects. This may lead to undefined behavior or a crash.

Both of these vulnerabilities are publicly known and were addressed by several PDF library vendors in early 2018. Users of these products are strongly advised to upgrade to the latest stable releases from their vendors' websites. If you are running an older version on a critical system, you should consider upgrading the system to a version that is more than a month old.

Foxit is committed to providing frequent updates to its products, and we urge users to upgrade to the latest release whenever possible. Foxit PDF Reader and Foxit PDF Editor are vulnerable to a number of serious security issues. Foxit is aware of a number of publicly disclosed vulnerabilities affecting these products. Foxit will be issuing updates to correct the problems in a future release.

Foxit PDF Reader is Vulnerable to CVE-2022-25641

Foxit PDF Reader is vulnerable to an integer overflow that could lead to an out-of-bounds memory read and execution of arbitrary code. This vulnerability was publicly disclosed in early 2018 and affects the FoxitPDFReader_x64.dll file. The following operating systems are currently affected:
Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2016.
On general-purpose computers with a default configuration, these vulnerabilities can be exploited without user interaction or privilege escalation.

Timeline

Published on: 08/29/2022 05:15:00 UTC
Last modified on: 09/02/2022 16:26:00 UTC
