CVE-2022-24954Out-of-bounds Write in PDF Editor

CWE-787Out-of-bounds Write3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.9%
top 24.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Foxit PDF EditorFoxit PDF Reader
Timeline
PublishedFeb 11
Latest updateFeb 12

Description

Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have a Stack-Based Buffer Overflow related to XFA, for the 'subform colSpan="-2"' and 'draw colSpan="1"' substrings.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDfoxit/pdf_editor11.0.1.071911.2.0.53415+1
NVDfoxit/pdf_reader11.1.0.52543

Patches

Patch: www.foxit.comPatch: www.foxit.com

🔴Vulnerability Details

2
GHSA
GHSA-j3w8-vh53-8rrp: Foxit PDF Reader before 112022-02-12
CVEList
CVE-2022-24954: Foxit PDF Reader before 112022-02-11
CVE-2022-24954 — Out-of-bounds Write in PDF Editor | cvebase