PT-2022-17011 · Foxit · Foxit Pdf Reader+1

Published

2022-02-10

Updated

2022-02-17

CVE-2022-24954

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Foxit PDF Reader versions prior to 11.2.1 Foxit PDF Editor versions prior to 11.2.1

Description The issue is related to a Stack-Based Buffer Overflow in the XFA component, specifically triggered by the 'subform colSpan="-2"' and 'draw colSpan="1"' substrings.

Recommendations For Foxit PDF Reader versions prior to 11.2.1, update to version 11.2.1 or later. For Foxit PDF Editor versions prior to 11.2.1, update to version 11.2.1 or later.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2022-24954

Affected Products

Foxit Pdf Editor

Foxit Pdf Reader

PT-2022-17011 · Foxit · Foxit Pdf Reader+1

CVE-2022-24954

Weakness Enumeration

Related Identifiers

Affected Products

References · 4