Soiax

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 145.0.7632.109 **Description** A heap buffer overflow exists in PDFium, a component of Google Chrome. This issue allows a remote attacker to cause an out-of-bounds memory write by using a specially crafted PDF file. **Recommendations** Update Google Chrome to version 145.0.7632.109 or later.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader (affected versions not specified) **Description** Foxit PDF Reader contains a flaw in the parsing of JP2 files due to insufficient validation of user-supplied data. This can lead to a read past the end of an allocated object, potentially disclosing sensitive information. User interaction is required, such as visiting a malicious page or opening a malicious file. An attacker could potentially leverage this issue, in conjunction with other vulnerabilities, to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 128.0.6613.84 Microsoft Edge (affected versions not specified) **Description** A heap buffer overflow in PDFium allows a remote attacker to perform an out of bounds memory read via a crafted PDF file. This issue is related to the PDF content handler in PDFium, which can be exploited by a remote attacker to execute arbitrary code using a specially crafted PDF file. **Recommendations** For Google Chrome versions prior to 128.0.6613.84, update to version 128.0.6613.84 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader version 11.2.2.53575 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the parsing of PDF files, specifically when crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For Foxit PDF Reader version 11.2.2.53575, consider updating to a newer version that contains a fix for this issue, as no specific workaround is provided for this version. As a temporary measure, avoid opening suspicious PDF files or visiting untrusted websites to minimize the risk of exploitation.