CVE-2022-40129

Name of the Vulnerable Software and Affected Versions Foxit Software's PDF Reader version 12.0.1.12430

Description A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional Content Group API, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.

Recommendations For Foxit Software's PDF Reader version 12.0.1.12430, consider disabling the JavaScript engine or the browser plugin extension as a temporary workaround until a patch is available. Avoid opening suspicious PDF documents or visiting untrusted websites with the browser plugin extension enabled. At the moment, there is no information about a newer version that contains a fix for this vulnerability.