CVE-2022-43640 – Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-43640
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://www.foxit.com/support/security-bulletins.html https://www.zerodayinitiative.com/advisories/ZDI-22-1660 • CWE-125: Out-of-bounds Read •
CVE-2022-43641 – Foxit PDF Reader U3D File Parsing Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-43641
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://www.foxit.com/support/security-bulletins.html https://www.zerodayinitiative.com/advisories/ZDI-22-1661 • CWE-416: Use After Free •
CVE-2022-40129
https://notcve.org/view.php?id=CVE-2022-40129
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional Content Group API, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. Existe una vulnerabilidad de use-after-free en el motor JavaScript del Lector PDF de Foxit Software, versión 12.0.1.12430. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1614 • CWE-416: Use After Free •
CVE-2022-38097
https://notcve.org/view.php?id=CVE-2022-38097
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely destroying annotation objects, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. Existe una vulnerabilidad de use-after-free en el motor JavaScript del PDF Reader de Foxit Software, versión 12.0.1.12430. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1601 • CWE-416: Use After Free •
CVE-2022-37332
https://notcve.org/view.php?id=CVE-2022-37332
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing media player API, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. Existe una vulnerabilidad de use-after-free en el motor JavaScript del PDF Reader de Foxit Software, versión 12.0.1.12430. • https://github.com/SpiralBL0CK/CVE-2022-37332-RCE- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1602 • CWE-416: Use After Free •