CVE-2022-26979: 
Foxit PDF Reader vulnerability analysis and mitigation

Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 were affected by a NULL pointer dereference vulnerability identified as CVE-2022-26979. The vulnerability was discovered in early 2022 and occurs when this.Span is used for oState of Collab.addStateModel, as this.Span.text can be NULL (MITRE CVE, Foxit Security).

The vulnerability is characterized by a NULL pointer dereference condition that occurs specifically when this.Span is used for oState of Collab.addStateModel. The issue arises because this.Span.text can be NULL, leading to potential system instability. The vulnerability has been assigned a moderate severity rating (ManageEngine Database).

The vulnerability could potentially lead to a denial of service condition when exploited. When triggered, the NULL pointer dereference could cause the application to crash, disrupting normal operations (CERT-FR).

The vulnerability was addressed in Foxit PDF Reader version 12.0.1 and PDF Editor version 12.0.1. Users are advised to upgrade to these or later versions to mitigate the risk. The fix can be obtained through the standard software update mechanism or by downloading the latest version from the Foxit website (Foxit Security).