CVE-2022-37332

Name of the Vulnerable Software and Affected Versions Foxit Software's PDF Reader version 12.0.1.12430

Description A use-after-free issue exists in the JavaScript engine, allowing arbitrary code execution through the misuse of the media player API. This can be triggered by opening a specially-crafted PDF document or visiting a malicious site with the browser plugin extension enabled. An attacker must trick the user into opening the malicious file to exploit this issue.

Recommendations For version 12.0.1.12430, consider disabling the JavaScript engine or the browser plugin extension as a temporary workaround until a patch is available. Restrict access to malicious sites and avoid opening untrusted PDF documents to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.