Home

CVE-2022-25108

Description

Foxit PDF Reader and Editor before 11.2.1 and PhantomPDF before 10.1.7 allow a NULL pointer dereference during PDF parsing because the pointer is used without proper validation.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.164

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities fixed in Foxit PhantomPDF 10 (ML) (EXE) (10.1.7.37777)Windows
Multiple vulnerabilities fixed in Foxit PhantomPDF 10 (ML) (MSI) (10.1.7.37777)Windows
Multiple vulnerabilities fixed in Foxit PhantomPDF 10 (MSI) (10.1.7.37777)Windows
Multiple vulnerabilities fixed in Foxit PhantomPDF 10 (EXE) (10.1.7.37777)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (ML) (EXE) (11.2.2.53575)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (ML) (MSI) (11.2.2.53575)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (EXE) (11.2.2.53575)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (MSI) (11.2.2.53575)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (ML) (EXE) (11.2.1.53537)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (ML) (MSI) (11.2.1.53537)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (EXE) (11.2.1.53537)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (MSI) (11.2.1.53537)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (EXE) (11.2.11.54113)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (ML) (EXE) (11.2.11.54113)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (ML) (MSI) (11.2.11.54113)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (MSI) (11.2.11.54113)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (EXE) (11.2.10.53951)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (ML) (EXE) (11.2.10.53951)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (ML) (MSI) (11.2.10.53951)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (MSI) (11.2.10.53951)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (EXE) (11.2.12.54161)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (ML) (EXE) (11.2.12.54161)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (ML) (MSI) (11.2.12.54161)Windows
Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (MSI) (11.2.12.54161)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-323836Foxit PhantomPDF 10 (ML) (EXE) (10.1.7.37777)
PATCH-323837Foxit PhantomPDF 10 (ML) (MSI) (10.1.7.37777)
PATCH-323838Foxit PhantomPDF 10 (MSI) (10.1.7.37777)
PATCH-323835Foxit PhantomPDF 10 (EXE) (10.1.7.37777)
PATCH-330913Foxit PDF Editor 11 (ML) (EXE) (11.2.6.53790)
PATCH-330914Foxit PDF Editor 11 (ML) (MSI) (11.2.6.53790)
PATCH-330912Foxit PDF Editor 11 (EXE) (11.2.6.53790)
PATCH-330915Foxit PDF Editor 11 (MSI) (11.2.6.53790)
PATCH-330913Foxit PDF Editor 11 (ML) (EXE) (11.2.6.53790)
PATCH-330914Foxit PDF Editor 11 (ML) (MSI) (11.2.6.53790)
PATCH-330912Foxit PDF Editor 11 (EXE) (11.2.6.53790)
PATCH-330915Foxit PDF Editor 11 (MSI) (11.2.6.53790)
PATCH-342372Foxit PDF Editor 11 (EXE) (11.2.11.54113)
PATCH-342373Foxit PDF Editor 11 (ML) (EXE) (11.2.11.54113)
PATCH-342374Foxit PDF Editor 11 (ML) (MSI) (11.2.11.54113)
PATCH-342375Foxit PDF Editor 11 (MSI) (11.2.11.54113)
PATCH-343981Foxit PDF Editor 11 (EXE) (11.2.12.54161)
PATCH-343982Foxit PDF Editor 11 (ML) (EXE) (11.2.12.54161)
PATCH-343983Foxit PDF Editor 11 (ML) (MSI) (11.2.12.54161)
PATCH-343984Foxit PDF Editor 11 (MSI) (11.2.12.54161)
PATCH-343981Foxit PDF Editor 11 (EXE) (11.2.12.54161)
PATCH-343982Foxit PDF Editor 11 (ML) (EXE) (11.2.12.54161)
PATCH-343983Foxit PDF Editor 11 (ML) (MSI) (11.2.12.54161)
PATCH-343984Foxit PDF Editor 11 (MSI) (11.2.12.54161)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234