CVE-2022-37377: Type Confusion in PDF Editor

CWE-843 Type Confusion | 3 documents | 3 sources
Severity: 7.8 HIGH (NVD)
EPSS: 2.0% (top 16.25%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 29

Description

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor 11.1.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within JavaScript optimizations. The issue results from an improper optimization, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the c

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

NVD | foxit/pdf_editor | 11.0.0 | 11.2.3 | +2
CVEListV5 | foxit/pdf_editor | 11.1.1.53537;
NVD | foxit/pdf_reader | < 12.0.1

Vulnerability Details (2)

CVEList | CVE-2022-37377: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor 11 | 2023-03-29
GHSA | GHSA-4mfr-5g26-5m2m: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor 11 | 2023-03-29