Home

CVE-2022-24954

Description

Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have a Stack-Based Buffer Overflow related to XFA, for the subform colSpan=-2 and draw colSpan=1 substrings.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.897

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities fixed in Foxit PhantomPDF 10 (ML) (EXE) (10.1.7.37777)Windows
Multiple vulnerabilities fixed in Foxit PhantomPDF 10 (ML) (MSI) (10.1.7.37777)Windows
Multiple vulnerabilities fixed in Foxit PhantomPDF 10 (MSI) (10.1.7.37777)Windows
Multiple vulnerabilities fixed in Foxit PhantomPDF 10 (EXE) (10.1.7.37777)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (ML) (EXE) (11.2.2.53575)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (ML) (MSI) (11.2.2.53575)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (EXE) (11.2.2.53575)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (MSI) (11.2.2.53575)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (ML) (EXE) (11.2.1.53537)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (ML) (MSI) (11.2.1.53537)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (EXE) (11.2.1.53537)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (MSI) (11.2.1.53537)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (EXE) (11.2.11.54113)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (ML) (EXE) (11.2.11.54113)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (ML) (MSI) (11.2.11.54113)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (MSI) (11.2.11.54113)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (EXE) (11.2.10.53951)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (ML) (EXE) (11.2.10.53951)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (ML) (MSI) (11.2.10.53951)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (MSI) (11.2.10.53951)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (EXE) (11.2.12.54161)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (ML) (EXE) (11.2.12.54161)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (ML) (MSI) (11.2.12.54161)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (MSI) (11.2.12.54161)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-323836Foxit PhantomPDF 10 (ML) (EXE) (10.1.7.37777)
PATCH-323837Foxit PhantomPDF 10 (ML) (MSI) (10.1.7.37777)
PATCH-323838Foxit PhantomPDF 10 (MSI) (10.1.7.37777)
PATCH-323835Foxit PhantomPDF 10 (EXE) (10.1.7.37777)
PATCH-330913Foxit PDF Editor 11 (ML) (EXE) (11.2.6.53790)
PATCH-330914Foxit PDF Editor 11 (ML) (MSI) (11.2.6.53790)
PATCH-330912Foxit PDF Editor 11 (EXE) (11.2.6.53790)
PATCH-330915Foxit PDF Editor 11 (MSI) (11.2.6.53790)
PATCH-330913Foxit PDF Editor 11 (ML) (EXE) (11.2.6.53790)
PATCH-330914Foxit PDF Editor 11 (ML) (MSI) (11.2.6.53790)
PATCH-330912Foxit PDF Editor 11 (EXE) (11.2.6.53790)
PATCH-330915Foxit PDF Editor 11 (MSI) (11.2.6.53790)
PATCH-342372Foxit PDF Editor 11 (EXE) (11.2.11.54113)
PATCH-342373Foxit PDF Editor 11 (ML) (EXE) (11.2.11.54113)
PATCH-342374Foxit PDF Editor 11 (ML) (MSI) (11.2.11.54113)
PATCH-342375Foxit PDF Editor 11 (MSI) (11.2.11.54113)
PATCH-343981Foxit PDF Editor 11 (EXE) (11.2.12.54161)
PATCH-343982Foxit PDF Editor 11 (ML) (EXE) (11.2.12.54161)
PATCH-343983Foxit PDF Editor 11 (ML) (MSI) (11.2.12.54161)
PATCH-343984Foxit PDF Editor 11 (MSI) (11.2.12.54161)
PATCH-343981Foxit PDF Editor 11 (EXE) (11.2.12.54161)
PATCH-343982Foxit PDF Editor 11 (ML) (EXE) (11.2.12.54161)
PATCH-343983Foxit PDF Editor 11 (ML) (MSI) (11.2.12.54161)
PATCH-343984Foxit PDF Editor 11 (MSI) (11.2.12.54161)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234