CVE-2022-38097

Name of the Vulnerable Software and Affected Versions Foxit Software's PDF Reader version 12.0.1.12430

Description A use-after-free issue exists in the JavaScript engine of Foxit Software's PDF Reader. This occurs when annotation objects are prematurely destroyed, allowing a specially-crafted PDF document to trigger the reuse of previously freed memory. This can lead to arbitrary code execution. An attacker must trick the user into opening the malicious file to trigger this issue. Additionally, exploitation is possible if a user visits a specially-crafted, malicious site when the browser plugin extension is enabled.

Recommendations For version 12.0.1.12430, consider disabling the JavaScript engine in the PDF Reader as a temporary workaround until a patch is available. Restrict access to malicious sites and avoid opening untrusted PDF documents to minimize the risk of exploitation.