CVE-2022-22150

Exploit

EPSS 0.86%
Published 04.02.2022 23:15:12
Last modified 21.11.2024 06:46:15
Source talos-cna@cisco.com
Teams watchlist Login
Open Login

A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.

Affected products Warnungen 0 Metrics 4 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Foxit ≫ Pdf Reader Version11.1.0.52543

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.86%	0.74

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
talos-cna@cisco.com	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-460 Improper Cleanup on Thrown Exception

The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1439

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-22150

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-22150

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-22150

EUVD