PT-2022-21456 · Foxit · Foxit Pdf Reader

Aleksandar Nikolic · Published 2022-11-14 · Updated 2022-12-27 · CVE-2022-32774

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Foxit Software's PDF Reader version 12.0.1.12430

Description: A use-after-free issue exists in the JavaScript engine of Foxit Software's PDF Reader. This can be triggered by a specially-crafted PDF document that prematurely deletes objects associated with pages, leading to the reuse of previously freed memory and potentially allowing arbitrary code execution. An attacker can exploit this by tricking a user into opening a malicious file or by having the user visit a specially-crafted malicious site if the browser plugin extension is enabled.

Recommendations: For version 12.0.1.12430, consider disabling the JavaScript engine in the PDF Reader as a temporary workaround until a patch is available. Restrict access to malicious PDF files and avoid visiting untrusted websites with the browser plugin extension enabled.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers: CVE-2022-32774

Affected Products: Foxit Pdf Reader