Foxit PDF Reader vulnerabilities could lead to code execution

Researchers from Cisco Talos security group have discovered vulnerabilities in popular Foxit PDF Reader that could lead to code execution.

Foxit PDF Reader software is used to create, edit, sign, and secure files and digital documents.

The first issued discovered was a use-after-free vulnerability CVE-2021-40420 in the JavaScript engine of Foxit PDF Reader. As a result, an attacker could trigger the reuse of previously freed memory, which could then lead to arbitrary code execution, Talos said in a blog post.

Talos also found a similar memory corruption vulnerability CVE-2022-22150 in Foxit that could also result in arbitrary code execution.

Users should upgrade to the latest version of Foxit Reader as soon as possible to address these vulnerabilities.