CVE-2022-28670 LOW

CVE-2022-28670

Vendor Foxit

Product PDF Reader

Weakness CWE-125

Published July 18, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

3.3/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. Crafted data in an AcroForm can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16523.

Key dates

02Disclosure timeline

July 18, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-28670 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/125.html

Related vulnerabilities

CVE-2022-28670

01Description

02Disclosure timeline

03References

04Related CVE