CVE-2022-22150: 
Foxit PDF Reader vulnerability analysis and mitigation

CVE-2022-22150 is a memory corruption vulnerability discovered in Foxit Software's PDF Reader version 11.1.0.52543. The vulnerability was discovered by Aleksandar Nikolic of Cisco Talos and publicly disclosed on January 31, 2022. The issue exists in the JavaScript engine of the PDF reader, where a specially-crafted PDF document can trigger an exception that is improperly handled (Talos Report).

The vulnerability stems from improper handling of exceptions in the JavaScript engine, specifically in the getPageNthWordQuads method. When an exception occurs during nested execution, such as during event handler or function callback, exceptions can be caught while code continues to execute, leaving the JavaScript engine runtime in an inconsistent state. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. It is classified under CWE-460 (Improper Cleanup on Thrown Exception) and CWE-755 (Improper Handling of Exceptional Conditions) (NVD, Talos Report).

The vulnerability can lead to memory corruption and arbitrary code execution. An attacker can exploit this vulnerability by either tricking a user into opening a malicious PDF file or having the user visit a specially-crafted malicious website if the browser plugin extension is enabled (Talos Report).

Users are advised to update their Foxit Reader installations beyond version 11.1.0.52543. The vulnerability was disclosed to the vendor on January 11, 2022, and a fix was released before the public disclosure on January 31, 2022 (Talos Report).