PT-2022-17428 · Foxit · Foxit Pdf Reader+2

Published 2022-05-09 · Updated 2022-09-02

CVE-2022-25641

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Foxit PDF Reader versions prior to 11.2.2
PDF Editor versions prior to 11.2.2
PhantomPDF versions prior to 10.1.8

Description

The issue arises from the mishandling of cross-reference information during compressed-object parsing within signed documents. This leads to the delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack. The parsing engine fails to use the cross-reference information correctly when parsing certain compressed objects, resulting in a parsing error.

Recommendations

For Foxit PDF Reader versions prior to 11.2.2, update to version 11.2.2 or later to resolve the issue.
For PDF Editor versions prior to 11.2.2, update to version 11.2.2 or later to resolve the issue.
For PhantomPDF versions prior to 10.1.8, update to version 10.1.8 or later to resolve the issue.
As a temporary workaround, consider avoiding the use of signed PDF files until a patch is available.
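
The Incremental Saving Attack and Shadow Attack named in the description both rely on an incremental update appended after the document was signed. As an added example (not code from Foxit or from this advisory), the Python check below reports how many bytes and revisions lie after each signature's /ByteRange. It is a regex heuristic over raw bytes and does not parse compressed object streams; `audit_signed_ranges` and `build_sample` are hypothetical names and the sample document is constructed.

```python
import re

# A signature dictionary's /ByteRange [off1 len1 off2 len2]: the signed bytes are
# [off1, off1+len1) and [off2, off2+len2); the gap between them holds /Contents.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")


def audit_signed_ranges(pdf: bytes) -> list:
    """For each signature found, report what lies outside its signed ranges."""
    findings = []
    for m in BYTE_RANGE.finditer(pdf):
        off1, len1, off2, len2 = (int(g) for g in m.groups())
        signed_end = off2 + len2
        tail = pdf[signed_end:]
        findings.append({
            "byte_range": (off1, len1, off2, len2),
            "starts_at_zero": off1 == 0,
            "in_bounds": off1 + len1 <= off2 and signed_end <= len(pdf),
            "unsigned_tail_bytes": len(tail),
            "revisions_after_signing": tail.count(b"%%EOF"),
        })
    return findings


def build_sample():
    """Constructed sample: one signed-looking revision, then an appended update."""
    def parts(br):
        arr = b" ".join(b"%010d" % v for v in br)  # fixed width keeps offsets stable
        return (b"%PDF-1.7\n1 0 obj\n<< /Type /Sig /ByteRange [" + arr + b"] /Contents ",
                b"<" + b"00" * 32 + b">",
                b" >>\nendobj\nstartxref\n9\n%%EOF\n")
    head, sig, rest = parts((0, 0, 0, 0))
    signed = b"".join(parts((0, len(head), len(head) + len(sig), len(rest))))
    update = b"2 0 obj\n<< /Note (added after signing) >>\nendobj\nstartxref\n9\n%%EOF\n"
    return signed, signed + update


if __name__ == "__main__":
    for label, data in zip(("as signed", "with appended update"), build_sample()):
        for f in audit_signed_ranges(data):
            print(label, f["unsigned_tail_bytes"], f["revisions_after_signing"])
```

A nonzero tail is a prompt for manual review, not proof of tampering: later signatures and document timestamps are also added as incremental updates.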

Fix

Related Identifiers

CVE-2022-25641

Affected Products

Foxit PDF Reader
PDF Editor
PhantomPDF