CVE-2022-24955Uncontrolled Search Path Element in PDF Editor

CWE-427Uncontrolled Search Path Element3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.7%
top 28.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Foxit PDF EditorFoxit PDF Reader
Timeline
PublishedFeb 11
Latest updateFeb 12

Description

Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have an Uncontrolled Search Path Element for DLL files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDfoxit/pdf_editor11.0.1.071911.2.0.53415+1
NVDfoxit/pdf_reader11.1.0.52543

Patches

Patch: www.foxit.comPatch: www.foxit.com

🔴Vulnerability Details

2
GHSA
GHSA-c5f6-v2fm-qcrh: Foxit PDF Reader before 112022-02-12
CVEList
CVE-2022-24955: Foxit PDF Reader before 112022-02-11
CVE-2022-24955 — Uncontrolled Search Path Element | cvebase