CVE-2022-24368: 
Foxit PDF Reader vulnerability analysis and mitigation

CVE-2022-24368 is a security vulnerability discovered in Foxit PDF Reader version 11.1.0.52543. The vulnerability was reported on December 16, 2021, and publicly disclosed on February 10, 2022. This flaw affects the handling of Doc objects within the PDF Reader application (ZDI Advisory).

The vulnerability stems from the lack of validation when handling Doc objects, specifically failing to validate the existence of an object prior to performing operations on it. The vulnerability has been assigned a CVSS score of 3.3 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N), indicating a relatively low severity with local access required (ZDI Advisory).

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. The impact is limited to information disclosure, but attackers could potentially leverage this vulnerability in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (ZDI Advisory).

Foxit has released security updates to address this vulnerability. Users are advised to update their Foxit PDF Reader to the latest version. The fix is available through the official Foxit security bulletin (Foxit Security Bulletin).