What is the vulnerability ID of this vulnerability?

The vulnerability ID is CVE-2022-34874.

What is the affected software?

The affected software is Foxit PDF Reader versions up to and including 11.2.2.53575.

Is user interaction required to exploit this vulnerability?

Yes, user interaction is required to exploit this vulnerability. The target must visit a malicious page or open a malicious file.

What is the severity of CVE-2022-34874?

The severity of CVE-2022-34874 is low, with a severity value of 3.3.

Is Microsoft Windows affected by this vulnerability?

No, Microsoft Windows is not vulnerable to this vulnerability.

Where can I find more information about this vulnerability?

You can find more information about this vulnerability on the Foxit support website (https://www.foxit.com/support/security-bulletins.html) and the Zero Day Initiative advisory (https://www.zerodayinitiative.com/advisories/ZDI-22-951/).

What is the Common Weakness Enumeration (CWE) ID associated with this vulnerability?

The Common Weakness Enumeration (CWE) ID associated with this vulnerability is CWE-125.

Vulnerability/
CVE-2022-34874

low

3.3

CWE

125

18/7/2022

23/7/2022

22/10/2023

CVE-2022-34874: Foxit PDF Reader Doc Object color Out-Of-Bounds Read Information Disclosure Vulnerability

Q: What is the title of this vulnerability?

The title of this vulnerability is 'Foxit PDF Reader Doc Object color Out-Of-Bounds Read Information Disclosure Vulnerability'.

First published: Mon Jul 18 2022(Updated: )

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17474.

Credit: zdi-disclosures@trendmicro.com

Affected Software	Affected Version	How to fix
Foxit PDF Editor	<=10.1.8.37795
Foxit PDF Editor	>=11.0<=11.2.2.53575
Foxit PDF Reader	<=11.2.2.53575
Microsoft Windows
Foxit PDF Reader

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2022-34874.
What is the title of this vulnerability?
The title of this vulnerability is 'Foxit PDF Reader Doc Object color Out-Of-Bounds Read Information Disclosure Vulnerability'.
What is the affected software?
The affected software is Foxit PDF Reader versions up to and including 11.2.2.53575.
Is user interaction required to exploit this vulnerability?
Yes, user interaction is required to exploit this vulnerability. The target must visit a malicious page or open a malicious file.
What is the severity of CVE-2022-34874?
The severity of CVE-2022-34874 is low, with a severity value of 3.3.
Is Microsoft Windows affected by this vulnerability?
No, Microsoft Windows is not vulnerable to this vulnerability.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the Foxit support website (https://www.foxit.com/support/security-bulletins.html) and the Zero Day Initiative advisory (https://www.zerodayinitiative.com/advisories/ZDI-22-951/).
What is the Common Weakness Enumeration (CWE) ID associated with this vulnerability?
The Common Weakness Enumeration (CWE) ID associated with this vulnerability is CWE-125.

collector/nvd-index
collector/zdi-advisory
alias/ZDI-22-951
alias/ZDI-CAN-17474
alias/CVE-2022-34874
agent/title
agent/type
vendor/foxit
canonical/foxit pdf editor
version/foxit pdf editor/10.1.8.37795
version/foxit pdf editor/11.0
version/foxit pdf editor/11.2.2.53575
canonical/foxit pdf reader
version/foxit pdf reader/11.2.2.53575
vendor/microsoft
canonical/microsoft windows