Popular PDF document reader Foxit Reader has been updated to address multiple use-after-free security bugs that could be exploited for arbitrary code execution.
The feature-rich PDF reader provides broad functionality to users, including support for multimedia documents and dynamic forms via JavaScript support, which also expands the application’s attack surface.
This week, Cisco’s Talos security researchers have published information on four vulnerabilities in Foxit Reader’s JavaScript engine that could be exploited to achieve arbitrary code execution.
The issues, tracked as CVE-2022-32774, CVE-2022-38097, CVE-2022-37332 and CVE-2022-40129, have a CVSS score of 8.8 and are described as use-after-free vulnerabilities.
“A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution,” Cisco explains.
An attacker looking to exploit these vulnerabilities would need to trick a user into opening a malicious file. According to Cisco, if the Foxit browser plugin extension is enabled, the bugs can be triggered when the user navigates to a malicious website.
Cisco reported the security defects to Foxit in September. This week, Foxit released version 12.0.1.12430 of its PDF reader to address all issues. Users are advised to update to the latest software iteration as soon as possible.