CVE-2022-22150

Exploit

EPSS 0.86%
Veröffentlicht 04.02.2022 23:15:12
Zuletzt bearbeitet 21.11.2024 06:46:15
Quelle talos-cna@cisco.com
Teams Watchlist Login
Unerledigt Login

A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Foxit ≫ Pdf Reader Version11.1.0.52543

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.86%	0.74

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
talos-cna@cisco.com	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-460 Improper Cleanup on Thrown Exception

The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1439

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-22150

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-22150

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-22150

EUVD